Ransomware Worm Hits Porn Sites, Bilks 2,500 Users
According to a PC World report, nearly 2,500 users have been bilked as a result of the fast-spreading virus — Worm_Rixobot.A — also being called “ransomware.”
Research company Trend Micro said the malware has hit porn sites, instant messaging applications and has even infected USB drives over the last few weeks. Because of the extended time period the ransomware is being called a worm rather than a Trojan.
The worm takes over a user’s PC by terminating a range of Windows and security programs and then blocks access to websites. A splash screen then demands ransom in Russian currency that amounts to $12. Users then have to text a premium-rate SMS number to receive an unlock key.
The con apparently works because of the small sum of money and simple text method required to regain control.
Trend hacked the worm’s servers and reported that the latest campaign has made 901,000 RUR (about $29,500) in just five weeks, affecting about 2,500 victims although the real number could be much higher.
According to Trend, the worm was initially downloaded 137,000 times in December alone, mostly in Russia. The U.K. reported 3,000 downloads.