Two of the most annoying types of malicious activities in today’s computer world have been united in a “best of both worlds” malware.
The new piece of undesirable software locks up the victim’s computer and requests that they complete one or two surveys in order to receive an unlock code for the infected computer.
Typically, ransomware attacks lock up computers, pose as originating from the victim’s country authorities and request money (a “fine”) in order to unlock the infected computers. They usually show a message that claims that the computer was locked because it was used for illegal distribution or download of copyrighted material like movies, music and games, or even child abuse material.
As for survey scams, they usually are used by marketing affiliates in order to get CPA (Cost Per Action) money from a survey service by getting many people to complete surveys. Most of the time the affiliates set up fake contests in order to get people to fill out a survey. In many cases, the surveys themselves have the sole role of harvesting personal information from those who fill them out.
The new malware that combines these two types of illicit activities was spotted for sale on underground cybercrime forums by Dancho Danchef, a security researcher that works for Webroot.
If a PC gets the ransomware installed, the victim is presented with a screen that asks the user to complete one or two surveys to unlock their system. The malware blocks Task Manager, cmd, Regedit, the Start Menu and it prevents many other applications from running. Even worse, it works on any version of Windows.
“Despite the fact that the ransomware doesn’t pose any sophisticated features … it [still] provides an example of an efficient business model aiming to utilize cost-per-action (CPA) affiliate networks in an attempt to generate revenue for the market participants,” Dancho Danchev wrote in a blog post where he also included a screenshot of the malware’s description that was posted on an underground forum.