A ransomware scam has been discovered that tricks victims into believing they have been caught with child exploitation material by the NSA's PRISM program.
The scam functioned similarly to other ransomware attacks in that it was hosted on compromised or malicious web sites or ad networks and locked down victim machines displaying a message that demanded payment of a ransom.
Victims of the ransomware are told that were under investigation for "illegal content downloading and distribution," specifically child pornography.
Researcher Kafeine studied the threat and said its purveyors were likely responsible for the Kovter ransomware which spread earlier this year.
The crooks' command-and-control server was based in Russia, Kafeine said.