The hackers have employees and provide service for the buyers. What this program does is to encrypt your computer so you need to pay the extortionists what they want to get the key to access your data again.
It can also control your web camera and other parts of the computer.
This can be legal if you want to control your office from home so the sale of this software is not illegal.
But if you use it for remote access to computers that you do not own - then it is a crime (and that seems to be the main purpose of the software).
This might represent a legal challenge.
In order for this to work you need to click on an e-mail link or a link on Facebook etc; once that is done the bad guys have control over your PC.
This was becoming a global business so the FBI and their counterparts in other countries did a global crackdown to catch all of these potential crooks at the same time without possibilities for warnings.
350 flats in 15 different countries were raided.
They caught 100 of these people, who do not have too bright a future if their computers show that they have taken over third party computers.
To make the story a bit more juicy: Miss Teen US was hacked and the crooks had nude photos of her in her bedroom, taken with her web camera.
They used this for extortion.
She claims that her antivirus was all up to date, and there is every reason to believe her.
If you download files by clicking on links in e-mails or in Facebook, it may well be that the latest AV software cannot help you.
To avoid this - don't click those links.
If you may have done it anyway, look for these files on your computer that indicate that you are infected:
- dos_sock.bss
- nir_cmd.bss
- pws_cdk.bss
- pws_chro.bss
- pws_ff.bss
- pws_mail.bss
- pws_mess.bss
The following registry subkey is added:
Computer\HKEY_CURRENT_USER\Software\VBandVBA Program Settings\SrvID\ID\[string of letters and numbers]
This is how you check it:
- Click the Start menu.
- Type “regedit” in the search field.
- Execute the Registry Editor (regedit.exe). If prompted, select “Yes” to allow the program to make changes to the computer.
- Select “Edit” from the window toolbar.
- Select “Find” from the Edit menu.
- Type “SrvID” in the Find field.
If you find any of the above, report it to the FBI crime center or Europol.
The FBI advises you to contact your ISP or professional computer consultant if that is the case.
This malware only affects Windows so if you use Mac or Linux you can relax.
We will give you the only professional advice for free:
Re-install your OS and change all passwords
Good police work there!

(Don't be surprised if all the spy junkies crawl out of the woodwork to fight for more surveillance though. Catching these criminal Blackshade spies is right - the governments should not follow their example).
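The file and registry checks listed in the post can be run in one read-only pass. This PowerShell script is an added example, not part of the original post. It goes slightly beyond the regedit steps by checking every loaded user hive rather than only the current user, and its search folders are an assumption because the post does not say where the files are written.

```powershell
# Added example: read-only check for the indicators listed in the post.
$IndicatorFiles = 'dos_sock.bss','nir_cmd.bss','pws_cdk.bss','pws_chro.bss',
                  'pws_ff.bss','pws_mail.bss','pws_mess.bss'
$IndicatorKey   = 'Software\VBandVBA Program Settings\SrvID'

# Assumption: the post gives no drop location, so these search roots are a guess.
$SearchRoots = @($env:USERPROFILE, $env:ProgramData) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

function Find-IndicatorFile {
    param([string[]]$Roots, [string[]]$Names)
    foreach ($root in $Roots) {
        # -Force includes hidden and system files; -contains is case-insensitive.
        Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $Names -contains $_.Name }
    }
}

function Find-IndicatorKey {
    param([string]$SubKey)
    # HKEY_USERS holds one hive per loaded account; HKCU is only the current user.
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $path = "Registry::$($_.Name)\$SubKey"
            if (Test-Path -LiteralPath $path) { $path }
        }
}

$files = @(Find-IndicatorFile -Roots $SearchRoots -Names $IndicatorFiles)
$keys  = @(Find-IndicatorKey -SubKey $IndicatorKey)

$files | ForEach-Object { 'FILE  {0}  (last written {1:u})' -f $_.FullName, $_.LastWriteTime }
$keys  | ForEach-Object { "KEY   $_" }

if ($files.Count -eq 0 -and $keys.Count -eq 0) {
    'None of the listed indicators were found in the searched locations.'
} else {
    'Listed indicators found: follow the reporting and re-install advice in the post.'
}
```

Run it from an elevated PowerShell prompt so folders and hives belonging to other accounts are readable; an empty result covers only the searched locations.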
