Fake Police Ransomware Scam

Uploaded on 2017-04-27 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Cyber Criminals used JavaScript from another domain to trick users into believing that their devices had been compromised by a police ransomware.

Apple Inc issued a quick iPhone software update to iOS (10.3) recently when its customers reported a series of ransomware attacks targeting Safari browser.

It all started in February 2017 when iPhone users were targeted with a ransomware note accusing them of watching X-rated and pirated content. 

Furthermore, the cyber criminals claimed that it will be impossible to remove the ransomware until a sum of USD 124 (Euro 115) in the form of iTunes gift card is sent to a particular phone number.

The ransomware note was phony since clearing Safari browser’s cache would allow users to access the browser again. 

The crooks were taking advantage of JavaScript in order to trick users into believing that their browser has been compromised due to illegal activities.

The JavaScript in this attack was taken from a website called pay-police.com and was slightly obfuscated using an array of hex values to masque behavior of the code. The pop-up attack on newer versions of iOS appeared to DOS (denial of service) the browser.

The researchers at IT security firm Lookout wrote in their blog post that “the attack doesn’t actually encrypt any data and hold it ransom. Its purpose is to scare the victim into paying to unlock the browser before he realises he doesn’t have to pay the ransom to recover data or access the browser.”

Simply put, the cyber criminals were abusing Safari browsers to scare unsuspecting users into pay money, however, Apple took the treat seriously and issued the update before these elements could further abuse the browser settings.

This is not the first time when Apple’s Safari browser has been used for malicious purposes. Previously, a critical flaw allowed state actors to use Safari browser to hack celebrities, activists and journalists.

It is a fact that Apple devices are the prime target for scammers and cyber criminals. Recently a group of hackers calling themselves Turkish Crime Family threatened to wipe up to 300 million iPhones unless Apple paid a massive amount in ransom.

HackRead

You Might Also Read: 

Ransomware 'customer support' Chat Reveals Criminals' Ruthlessness:

Browser Autofill Can Be Used To Steal Data:

Targeted Ransomware Attacks Are Focusing On Business:

 

 

« Drones, Satellites And Cyber Warfare
US Intelligence Agencies Fear Insiders As Much As Spies »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

RedTeam Security

RedTeam Security

RedTeam Security is a provider of Penetration Testing, Social Engineering, Red Teaming and Red Team Training services.

Messageware

Messageware

Messageware is the market leader in securing, enhancing, and customizing Microsoft Exchange and Outlook Web App.

National Cyber Security Agency (NACSA) - Malaysia

National Cyber Security Agency (NACSA) - Malaysia

NACSA is the leading government agency in Malaysia responsible for the development and implementation of national cyber security management policie and strategies.

authUSB

authUSB

authUSB Safe Door is a tool that provides secure access to the content of USB devices that circulate in organizations.

Iron Bow Technologies

Iron Bow Technologies

Iron Bow Technologies is a leading IT solution provider dedicated to successfully transforming technology investments into business capabilities for government, commercial and healthcare clients.

Microland

Microland

Microland’s delivery of digital is all about making technology do more and intrude less for global enterprises. Our services include Cloud & Data Center, Networks, Cybersecurity and more.

CyberUK

CyberUK

CYBERUK is the UK government’s flagship cyber security event and the authoritative event for the UK’s cyber security community.

Allentis

Allentis

Allentis provide adapted solutions to ensure the security and performance of your information system.

ServerScan

ServerScan

ServerScan specializes in providing server scanning & compliance services to organizations of all types and sizes.

Difenda

Difenda

Difenda Shield is a fully integrated and modular cybersecurity suite that gives your organization the agility it needs to implement a world-class cybersecurity system.

Involta

Involta

Involta orchestrates IT transformation journeys using well-defined and rigorous processes to deliver hybrid cloud solutions, consulting and data center services tailored to our clients’ needs.

Seraphic Security

Seraphic Security

Seraphic Security provides attack protection to enable safe browsing for employees or contractors, as well as advanced governance controls to enforce enterprise policies across devices.

Spec

Spec

Spec is the only no-code orchestration platform that protects enterprise fraud defenses from being blocked, bypassed, and manipulated by modern attack tactics.

Tracebit

Tracebit

Tracebit uses decoys to detect and respond to cloud intrusions in minutes.

Pacific Certifications

Pacific Certifications

Pacific Certifications provide accredited certification, training and support services to help you improve processes, performance and products and services.

MadWolf Technologies

MadWolf Technologies

MadWolf’s mission is to deliver enterprise-quality managed services and focused applications to organizations operating in the non-profit, association and international development sectors.