CERT mailing list archives

Recent Reports of DHS-Themed Ransomware (UPDATE)


From: "US-CERT" <US-CERT () public govdelivery com>
Date: Tue, 30 Jul 2013 12:28:55 -0500

National Cyber Awareness System:

Recent Reports of DHS-Themed Ransomware (UPDATE) [ https://www.us-cert.gov/ncas/current-activity/2013/07/30/Recent-Reports-DHS-Themed-Ransomware-UPDATE ]
07/30/2013 10:57 AM EDT
Original release date: July 30, 2013

US-CERT has received reports of increased activity concerning an apparently DHS-themed ransomware infection 
occurring in the wild. Users who are being targeted by the ransomware receive a message claiming that use of their 
computer has been suspended and that the user must pay a fine to unblock it. One iteration of this malware also takes a 
photo or video of the recipient with the webcam (if available) and posts it in a pop-up to add to the appearance of 
legitimacy. The ransomware falsely claims to be from the U.S. Department of Homeland Security and the National Cyber 
Security Division.

Users who are infected with the malware should consult with a reputable security expert to assist in removing the 
malware, or perform a clean reinstallation of their OS after formatting their computer's hard drive.

US-CERT and DHS encourage users and administrators not to pay the perpetrators and to report the incident to the FBI at 
the Internet Crime Complaint Center (IC3) [ http://www.IC3.gov ].

Users should use caution when encountering these types of email messages and take the following preventive measures to 
protect themselves from phishing scams and malware campaigns that attempt to frighten and deceive a recipient for the 
purpose of illegal gain.


  * Do not click on or submit any information to webpages. 
  * Do not follow unsolicited web links in email messages. 
  * Use caution when opening email attachments. Refer to the Security Tip Using Caution with Email Attachments [ 
http://www.us-cert.gov/cas/tips/ST04-010.html ] for more information on safely handling email attachments. 
  * Maintain up-to-date antivirus software. 
  * Users who are infected should change all passwords AFTER removing the malware from their system. 
  * Refer to the Recognizing and Avoiding Email Scams [ 
http://www.us-cert.gov/sites/default/files/publications/emailscams_0905.pdf ] (pdf) document for more information on 
avoiding email scams. 
  * Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks [ 
http://www.us-cert.gov/cas/tips/ST04-014.html ] for more information on social engineering attacks. 