Trojan.Ransomgerpo criminal arrested
Revision as of 21:51, 14 February 2013 by Eric.freyssinet
Trojan.Ransomgerpo criminal arrested | |
---|---|
Botnet | Ransom.EY, Ransomgerpo |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2013 / 2013-02-14 |
Editor/Conference | Symantec |
Link | http://www.symantec.com/connect/blogs/trojanransomgerpo-criminal-arrested |
Author | Symantec Security Response |
Type | Blogpost |
Abstract
“Spanish police have reported the arrest of an individual involved with a particular strain of police Ransomware known as Ransom.EY, detected by Symantec as Trojan.Ransomgerpo.
This variant is one of the earliest active police Ransomware families, which Symantec has been tracking since at least July, 2011. The Trojan was distributed using drive-by download techniques, in conjunction with the Black Hole exploit kit. Early versions of the locking screen were quite primitive but quickly evolved as the author obviously stole design ideas from other Ransomware gangs as shown in Figure 1.”
Bibtex
@misc{2013BFR1302,
  editor = {Symantec},
  author = {Symantec Security Response},
  title = {Trojan.Ransomgerpo criminal arrested},
  date = {14},
  month = Feb,
  year = {2013},
  howpublished = {\url{http://www.symantec.com/connect/blogs/trojanransomgerpo-criminal-arrested}},
}