Senior Staff Writer

Ransomware: Kovter infections on the rise

May 19, 2014 | 2 mins
Cybercrime, IT Leadership, Malware

Kovter infections have doubled over the last month

Researchers at Damballa have seen the number of Kovter infections double over the last month, as criminals increasingly turn to extortion as a means of generating income.

Kovter is ransomware that primarily targets users of adult websites, but the malware has been used outside of that demographic as well; everyone is fair game.

“Damballa’s threat research team has seen infections related to the Kovter malware nearly double over the past month – up from 7,000 infections to about 15,000 infections,” wrote Gina Pimentel, of Damballa Threat Research, on the company’s blog.

“Many Ransomware families capture and display system and user information to legitimize allegations of a ‘crime.’ Kovter takes this to an extreme. The malware scans your browser history searching for adult websites and associated cached content, which it presents on the splash screen while locking your computer as ‘evidence’. If no adult website browsing history is found, the malware will manufacture ‘evidence’ by redirecting your browser to a randomized adult website where it logs the history and retrieves content to display.”

In 2013, the malware gained headlines because it would first display a child pornography website before encrypting the victim’s system and holding it hostage.

The shock of seeing such horrific images led many people to pay the $300 ransom, but the worst part was that the images and links came from the malware itself, so they were actually stored on the user’s system.

The scam used customized warning screens and payment options (pre-paid money cards), depending on where the victim lived. Generally, Kovter focuses on users in the U.S., the U.K., Germany, Spain, France, Italy, and the Netherlands.

Ransomware has started to take off in recent months, as criminals are fueled by the success of CryptoLocker. The money CryptoLocker generated in the first few months after its 2013 debut would normally have taken criminals nearly a year to generate with similar scams.

Early variants of ransomware were easily defeated, but once criminals started to use encryption, the tables turned. Now, while the malware can be removed, the files on the system are forever lost.

Thus, backups have become the default recovery option. Prevention, however, relies on patched systems and software, updated anti-malware, and caution when dealing with unknown files and websites.