When it was first exposed to the public, ransomware was a deadly new attack vector that threatened to lock your PC away for good unless you paid the demanded sum. Over time, however, the security companies have adapted to the new wave of attacks and supplied the public with ways to get around it.
For example, the world was once rocked by the threat that was WannaCry. It brought down businesses and hospitals as the malware spread around the world. After a while, however, security companies unraveled its code and discovered it was actually pretty poorly programmed. Someone infected with WannaCry could talk to a security expert to get the ransomware off their system.
As such, ransomware authors have had to prevent the user from getting help. They can’t really control whether or not the user calls for support, but they can try tactics which make it somewhat difficult for the victim to ask for it. This is the case of a recent ransomware author, who used the victims’ porn habits against them.
How the Attack Worked
This is how Zain Qaiser managed to make millions off his victims before he was apprehended by the police and jailed. He used a shame-driven method to get the money off the people who fell for his attack.
To do this, he first made a website that posted as a legitimate service. He would then buy advertising spots on many adult sites around the Internet. When a user of an adult website clicked this link and downloaded the software, the ransomware would activate and lock down the PC.
This ransomware worked identically to other strains, with an added catch: the malware claimed it had photographs and videos of the victim during the lockdown, recorded via the webcam. It would prove this by showing a photo taken from the webcam.
It also makes a claim that the computer is under lockdown from law enforcement, who detected pirated MP3s and video files on the hard drive. The only way to unlock the PC again is to pay the fine associated with this fictional crime.
The malware author designed his program in this way in the hopes it would catch the users at a bad time. If the user has been caught at an inopportune moment, they’ll be far more hesitant to call for support. Even if they haven’t, the fear of having to explain away these pirated files is enough to get people to stay quiet, especially if they actually have downloaded illegal music and think the warning is legitimate!
Fortunately, Zain was eventually caught and put on trial after it was discovered his network could have earned up to £4 million from these attacks alone. He was given six years in jail.
Due to ransomware’s prior infamy, users have raised their shields against it. Hackers have had to resort to dirty tactics to get the users to pay up. Zain is a good example of this, and his exploits landed him behind bars.
What do you think of this method of attack? Let us know below.