Sinister ransomware poses as law enforcement warnings


In a particularly devious and sinister new ransomware scheme, hackers are masquerading as federal law enforcers on phony pop-up warnings to intimidate users into unwittingly downloading malware, reports Kelly Jackson Higgins at Dark Reading. The pop-up scam warns that illegal material, such as child pornography and emails from terrorists, was found on the victim's computer, and then a Trojan locks the machine and removes data stored on the hard drive until the user pays the ransom.

Microsoft researchers say that this variation of ransomware includes different versions for different countries. The version targeting German users masquerades as the German Federal Police, while the one targeting Swiss users poses as the Federal Department of Justice and Police.

The pop-up messages, which appear with a police banner that looks official, are daunting: "Attention! Illegal activity was detected. The operating system was locked for infringement against the laws of Switzerland. Your IP address is . From this IP address, sites containing pornography, child pornography, bestiality and violence against children were browsed. Your computer also has video files with pornographic content, elements of violence and child pornography. Emails with terrorist background were also spammed. This serves to lock the computer to stop your illegal activities."

The malware is spreading by way of compromised websites and email messages. German-speaking victims either open a link that sends them to a URL that hosts an exploit kit or go to a website that was compromised with malicious JavaScript, Jackson Higgins reports.

"Considering the wide distribution of scams such as this ransomware, it's clear that there's a lot of money at stake," said Microsoft (NASDAQ: MSFT) researchers. "That's why the bad guys invest in making their scams look more convincing for the unsuspecting user. This includes adapting social engineering techniques to the specifics of various countries and pretending to be the local authorities."

For more:
- see Kelly Jackson Higgins's article at Dark Reading
