Ransomware Part III: another drop of the Irish

I’m caught up this week in a lengthy internal meeting, and next week with Virus Bulletin in Dallas, but I couldn’t resist a quick follow-up to the Gaelic ransomware posts here and here. The indefatigable Kafeine (heartfelt hat tip!) has laid his hands on another copy of the scam message, and this time it does come complete with Irish flag (and, to my eye, much the same social engineering).


The malware is currently detected by 9/41 vendors, according to VirusTotal, and the hash is 1946d4508691a113651a4ef202ba15fe.

If you’d like to get some information on this particular branch of the graphic design cottage industry, complete with a nice range of other designs in a range of languages (including English), you might want to check out Kafeine’s post here (and Malekal’s – in French – on Ransomware « Trojan.Casier » Panel). I must admit that the post appeals immensely to my inner philatelist, as well as providing me with some interesting info on an aspect of this type of malware that I hadn’t really looked at before.

There’s also an example of a particularly fine miscommunication between designer and scammer: a design in Iranian targeting Irish speakers. Now there’s an Irish joke worth a shot or two of uisce beatha. Unless they know something about the ethnic makeup of the Irish population that I don’t.

Meanwhile, I look forward to the first design in Welsh. Iechyd da!

David Harley CITP FBCS CISSP
ESET Senior Research Fellow

Author David Harley, ESET

  • mark elder

    Hi, I have a sample of a ransomware that I managed to clean from a friend's computer, this one does not show up on VirusTotal – where can I send it to you or other researchers so it gets reviewed?

    • David Harley

      Hi Mark. There are full instructions on submitting a sample here.

18 Sep 2012