Cyber crooks' use of 'Police Virus' ransomware on the rise

Cyber criminals are now using the infamous ‘Police Virus' malware as fully functioning ransomware, according to a report from security firm PandaLabs.

The Police Virus is a common technique used by criminals to infect computers by masquerading as law enforcement agencies demanding money for fictional crimes.

Scams have been detected across the globe demanding money for copyright infringement, missed court dates and even parking tickets.

PandaLabs warned that it had detected the evolution of the scam from standard scareware to ransomware in its latest quarterly threat report, which analysed incidents from April through June 2012.

The firm went on to warn that the campaigns are continuing to evolve at a rapid pace, with criminals creating increasingly effective ways to hold users data to ransom and demand payment for its safe return.

"The first versions of the new Police Virus only encrypted .doc files, and the encryption wasn't too hard to crack, so it was possible to decrypt the files without the key," read the report.

"Now, however, a more sophisticated encryption is being used, and the decryption key is required to unlock the files. And not only that, the files are encrypted with a different key for each infected computer, so, unless you are able to access the server that stores all keys, it is absolutely impossible to access the files."

The evolution came alongside a boom in the number of Trojan viruses targeting the world. The report revealed that Trojans are now the most common form of cyber attack, accounting for 79 per cent of all threats.

Worms were the second biggest threat detected, being responsible for 11 per cent of all attacks.

Trojans continued to prove the most effective attack method during the quarter speaking for 76 per cent of all infections, while viruses came second accounting for eight per cent.

"It is interesting to note that worms have only caused six per cent of infections despite accounting for almost 11 per cent of all new malware", said Luis Corrons, technical director of PandaLabs.

"The figures corroborate what is well known: massive worm epidemics have become a thing of the past and have been replaced by an increasing avalanche of banking Trojans and specimens such as the Police Virus."

Looking to the future Corrons warned that the scam is one of the numerous cyber crime kits currently on sale and will likely remain an ongoing problem in the foreseeable future.

"This so called ‘Police Virus' appears to be created for and distributed by a cyber criminal gang from Eastern Europe or Russia, and police forces from across Europe are working together to try and identify and arrest them," said Corrons.

"But this is something that takes a long time and huge amount of effort, which is not immediately obvious when we only see the headlines after months or years of investigations."

PandaLabs findings follow on from earlier warnings by Microsoft's Trustworthy Computing and Finnish security firm F-Secure, both of which reported a boom in ransomware attacks earlier in July.