Kovter infections have doubled over the last month

Researchers at Damballa have seen the number of Kovter infections double over the last month, as criminals increasingly turn to extortion as a means of generating income.

Kovter is Ransomware that primarily targets users of adult websites, but the malware itself has been used outside of that demographic as well – everyone is fair game.

“Damballa’s threat research team has seen infections related to the Kovter malware nearly double over the past month – up from 7,000 infections to about 15,000 infections,” wrote Gina Pimentel, of Damballa Threat Research, on the company’s blog.

“Many Ransomware families capture and display system and user information to legitimize allegations of a ‘crime.’ Kovter takes this to an extreme. The malware scans your browser history searching for adult websites and associated cached content, which it presents on the splash screen while locking your computer as ‘evidence’. If no adult website browsing history is found, the malware will manufacture ‘evidence’ by redirecting your browser to a randomized adult website where it logs the history and retrieves content to display.”

In 2013, the malware gained headlines because it would first display a child pornography website before encrypting the victim’s system and holding it hostage. The shock of seeing such horrific images led many people to pay the $300 ransom, but the worst part was that the images and links came from the malware itself, so they were actually stored on the user’s system.

The scam used customized warning screens and payment options (pre-paid money cards), depending on where the victim lived. Generally, Kovter focuses on users in the U.S., the U.K., Germany, Spain, France, Italy, and the Netherlands.

Ransomware has started to take off in recent months, as criminals are fueled by the success of CryptoLocker.
CryptoLocker made its debut in 2013, and the money it generated in its first few months of life would normally have taken criminals nearly a year to generate with similar scams.

Early variants of Ransomware were easily defeated, but once criminals started to use encryption, the tables turned. Now, while the malware can be removed, the files on the system are forever lost.

Thus, backups have become the default recovery option. But prevention relies on patched systems and software, updated anti-malware, as well as caution when dealing with unknown files and websites.