Kovter ransomware infections increased significantly in the second quarter of 2014, according to malware researchers at the security firm Damballa. On average, daily incidents were up by 153% between April and May this year. At its activity peak, the ransomware affected 43,713 machines in a single day.
What Is Kovter Ransomware?
Kovter is a police ransomware trojan that has been infecting computers around the world since 2013. The countries that have suffered the most attacks include Germany, France, the USA, the UK, Italy and the Netherlands. Kovter uses typical ransomware tactics to extort money from its victims: it displays a fake police message informing the user that the computer has been locked because of legal violations. To unlock the system, the user must pay a fee (usually around $300) within a short period. The payment method varies by country; for the USA, the crooks usually require a MoneyPak prepaid card. To block access to the infected PC, Kovter uses a Winlocker component.
Kovter reaches the user's computer the same way other Ukash viruses do: it sneaks into the targeted system by means of a trojan hidden in illegal webpages and files.
The Unique Technique of the Kovter Ransomware
What sets Kovter apart from other ransomware infections, and has quickly turned it into a severe threat, is the tactic it uses to scare victims into paying the fee. Once in the system, Kovter collects information from the browsing history of the infected PC and uses it to build an individual ransom message for each victim. Instead of a generic warning, Kovter displays a message pretending to come from institutions such as the FBI, the US Department of Homeland Security and the US Department of Justice, stating that the victim has downloaded illegal content online and that the compromised machine has been used to distribute it.
Kovter adds a further touch that distinguishes it from similar threats. The ransom message includes the IP address of the infected PC and the URL allegedly containing the “illegal content.” Kovter scans the victim’s browser history for pornographic material. If any websites match the ransomware’s threat list, they are cited in the warning message as the source of the illegal content. If there are none, the malware “creates” the evidence on its own, choosing a random pornographic site and redirecting the victim’s browser to it. It then logs the history and retrieves content to display. This “personal approach” makes the scam warning even more believable.
The Upward Trend
Although many users recognize the scam, the number of infected machines increases each month. Victims are strongly advised not to pay the fee, because there is a good chance they will not receive the details needed to unlock the PC.
Malware researchers detected a big increase in Kovter infections in Q2 2014. In June, the ransomware managed to hit 43,713 systems in only one day. The average daily infections were up by 153% in May and 52% in June.
Here are the numbers for Q2 2014, provided by the Damballa research team:
- April: Lowest number of daily active infections – 6,602, highest – 18,089
- May: Lowest number of daily active infections – 7,542, highest – 37,386
- June: Average number of daily infections – 37,733, or a 52% increase, month over month
You do not have to be a part of the statistics. Ensure your system’s safety by using legitimate tools to avoid computer infections, and make sure your anti-virus software is up to date.