Security researchers have uncovered a sick new form of computer-locking ransomware that lures in victims by posing as an appeal to help starving toddlers. With a note titled ‘Save Children’, the malware will encrypt personal files and demand cryptocurrency for their return.
The variant first came to light this week (12 June) after the ransom demand was uploaded to ID-Ransomware, an online platform which helps identify known malware strains. Threat researcher Lawrence Abrams has warned on a support page that it is “not decryptable at this time.”
The ransom note displays a well-known image of Anja Ringgren Lovén, founder of an African aid foundation, providing a drink to an emaciated young child who had been abandoned by his family in Nigeria.
“Congradulations! (sic) Now you are a member of GPAA (Global Poverty Aid Agency),” it reads.
“We need bitcoins, our crowdfunding goal is to get 1000 BTCs. 1 BTC for 1 CHILD! Your important files are encrypted. It means you will not be able to access them anymore until they are decrypted.”
Of course, the GPAA is not a real organisation. Nevertheless, the culprit is attempting to force victims into paying 1.83 Bitcoin (£3,900, $4,970) to regain control over their files. “When the goal is achieved, you will get the decrypt program. Use your phone to pay it,” the note reads.
Researchers found the ransomware targets dozens of file types, including 7z, mp3, mp4, jpg, zip and rar. After encryption takes place, file names are scrambled and changed to have a .cerber6 extension, a reference to the particularly nasty form of ransomware with the same name.
“It’s bad enough that these developers are hurting people and their business by encrypting their files, but to spout complete BS while taking advantage of the horrible misfortunes of others to earn money is just disgusting,” Abrams wrote in a post on Bleeping Computer this week.
“Please restore from backups or try restoring from shadow volume copies if at all possible so you do not have to pay these people,” he added.
Ransomware has become a major problem for businesses and web users, with one strain called “WannaCry” recently causing a global outbreak by infecting machines across 150 countries.
Ransomware can affect both Microsoft Windows and Apple Mac systems. Experts admit it is often difficult to combat as it spreads in a variety of ways, mainly via attachments in phishing emails.
Researchers advise keeping all systems up to date and creating regular backups.