Demands payment for accessing extremist websites and porn The recent spate of ransom malware has taken a strange turn with the news that criminals are impersonating the UK’s Metropolitan Police Service in an attempt to persuade victims to pay a fine for being caught accessing extremist or porn websites.After apparently being alerted by members of the public and an unamed security company, the Met’s Police Central eCrime Unit (PCeU) has put out a warning about the scam in which unnamed malware locks up infected PCs before demanding a “substantial fee” be sent to the police organisation.“The message advises the user that they have been caught accessing extreme pornography or terrorism related websites,” said a note put out by the PCeU. “It states that to unlock their computers they are required to forward a substantial fee to the MPS, by way of an online payment service.”The PCeU was not able to confirm which malware was involved nor to elaborate on the infection mechanism beyond stating that infection could happen after visiting “certain websites,”a vagueness that compromises the usefulness of the warning to some extent. Given the adoption of the MPS as the method of threat, however, the attack will be aimed at UK users who have no connection to either porn or extremism.The attack is similar to Ransom.an, a Trojan reported only days ago which demands in German language text that claims to be from Microsoft that victims pay $126 for a Windows license within 48 hours or be locked out of their PCs. This type of ransom social engineering attack has flared up every now and again at relatively low levels ever since first being tried in 2006, with one of the most persistent culprits being Gpcode. Usually the locking mechanism is either non-existent or can be reversed easily by security researchers; occasionally the attack has used encryption but that approach has fallen out of favour because it adds complexity.Ransom attacks are nowadays mostly extreme variations on fake antivirus scam theme, where attackers seek to gain payment for non-existent PC infections. It is probably the success of this type of attack as much as anything else that has kept ransom malware on the fringes. Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe