Koler ransomware hit Australia hard

By on
Koler ransomware hit Australia hard

Depicts fake threats from Australian law enforcement.

A type of ransomware targeting Android users visiting pornographic sites is making the rounds in Australia, with thousands of people being subject to extortion attempts with messages purporting to be from local law enforcement.

Named Koler, the malware reported by Kaspersky security researchers locks the screen with a popup and displays custom messages for thirty countries claiming to be from law enforcement, while demanding a ransom of US$100 or US$300 to unlock the display.

The message for Australia makes mention of several authorities, including the Royal Australian Corps of Military Police and the Australian Communications and Media Authority (ACMA).

Victims are accused of having accessed illegal pornography and copyright infringement, and threatened with prison sentences and fines.

Koler 'police' message. Source: Kaffeine

Kaspersky said that despite the ominous message displayed, Koler does not encrypt users' data, or lock people out of their devices.

According to Kaspersky telemetry data, the ransomware has struck 6,223 Australian visitors to the mobile domain spreading the infection, the third highest in the world after the United States and the United Kingdom.

In total, over 200,000 Android devices around the world were infected with Koler.

Koler is spread through visits to malicious pornographic sites that are part of a large malware distribution network.

Kaspersky said the use of porn sites is intentional, to make victims feel guilty and thus be more likely to pay the ransom.

Users are asked to download and install a malicious application on their Android device but the malware campaign can also redirect to sites containing the Angler exploit kit that can attack PCs running Microsoft's Internet Explorer web browser.

Koler is thought to have been active since May this year, with security researcher Kaffeine credited with first discovering the malware.

The malware appears to be from Russia, developed by the Reveton ransomware authors that use similar fake threats from law enforcement.

According to Kaspersky, the Koler malware campaign is currently winding down, with the command and control centre sending out uninstall commands.

The security firm said it is working with the Europol and Interpol trans-national police organisations to close down the ransomware distribution infrastructure.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
android kaspersky koler malware ransomware security windows
In Partnership With

Most Read Articles

Westpac CIO Curran warns ‘Big Tech’ is out of step

Westpac CIO Curran warns ‘Big Tech’ is out of step
Telstra says it could buy NBN when sold

Telstra says it could buy NBN when sold
US military weapons systems found to have vulnerabilities

US military weapons systems found to have vulnerabilities
Telstra CEO demands $20 a month NBN price cut

Telstra CEO demands $20 a month NBN price cut
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Intro to AI for Security Professionals
Intro to AI for Security Professionals
Digital Transformation: Hope, or Hype?
Digital Transformation: Hope, or Hype?
How to choose a trusted IT provider
How to choose a trusted IT provider
Why Business Process Modelling Matters
Why Business Process Modelling Matters
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018

Events

Log In

Username / Email:
Password:
  |  Forgot your password?