The company on Friday said device owners reported being targeted in a ransomware campaign that tricked victims into believing their computer had been locked. A phony message sent by the attacker said Mandiant, Interpol, the FBI and the USA Cyber Crime Center had locked the victim's system pending the payment of a fine, the company said.
A Mandiant spokesperson said the company didn't have any additional information about the scareware campaign on Friday. Ransomware is a common attack technique used by financially motivated cybercriminals.
"We’re still actively investigating the issue," the spokesperson told CRN. "Mandiant has no involvement with this malware or the scam."
Ransomware typically first infects victims through an attack website, security researchers say. It also spreads through phishing campaigns by luring the victim to open a malicious attachment, according to Microsoft, which recently analyzed Reveton, a popular ransomware campaign behind the Citadel banking Trojan. The attacks have been on the rise globally, Microsoft said.
Mandiant has been increasingly in the public eye following a highly publicized report in February that exposed how groups believed to be controlled by the Chinese government infiltrated more than 100 businesses to steal intellectual property and spy on executives. The firm said in May that its cyberespionage report disrupted the group's operations. Phishing attacks using messages containing a malicious file attachment with a phony Mandiant report soon followed.
The FBI has issued multiple warnings about ransomware attacks in recent years. It said that attacks sometimes lock up a victim's computer screen, encrypting the data until a fee is paid. Security researchers at Webroot have been tracking a recent spike in ransomware activity. The company said in May that it recommends users periodically back up their data.
Symantec said on Wednesday that fake computer lockers are everywhere. The company released analysis of Shadowlock, a Trojan that infects victims' machines, locks them up and forces them to take an online survey. Symantec researchers reverse engineering the malware said they detected a music file in the form of the five-tone melody from the movie "Close Encounters Of The Third Kind."
In addition to shutting down the victim's browsers, Shadowlock disables system tools to maintain persistence on the victim's machine. It disables the Windows firewall and has the ability to redirect victims to pornographic websites. In addition, it can "swap mouse buttons, open the CD tray, or launch basic OS apps like Calculator or MS Paint," wrote Fred Gutierrez, a Symantec researcher.
Gutierrez said many of the functions of the Trojan were not being used, indicating that the malware author could be testing it or merely using it to direct users to the online survey scam. Shadowlock is not widespread, he said.
"These functions [as well as others] may find themselves being used in a future variant," Gutierrez wrote.
PUBLISHED JULY 15, 2013