SOPA Returns! Not From Congress But As a Ransomware Virus

SOPA Returns! Not From Congress But As a Ransomware Virus

Last month in a report we said, that "SOPA & PIPA are dead, they're not coming back". Former Senate Christopher Dodd, now chairman of the Motion Picture Association of America, said the Stop Online Piracy Act and Protect IP Act aren’t going to be floated again in Congress. Now it seems that he was not fully right as The Stop Online Piracy ACT also known as SOPA the most controversial act which terrified almost every people, who is associated with Internet still chasing us, though the bill was defeated after massive protest; still  SOPA is not leaving us. I know its a tragic news, but do't be panic, this time its not the comeback of SOPA act from Congress but as a nasty cryptovirus that locks up people’s computers and accuses them of distributing copyright infringing files. Infected users can get their data back after a payment of $200 – at least, that’s what the virus makers promise. Several researcher have figure out and warning that new ransomware that claims to be an alert from the "Stop Online Piracy Automatic Protection System." It goes on to tell you that your computer is on a "S.O.P.A. IP Black List" because it was used to download copyright infringing materials, child pornography or illegal software. The malware encrypts all of your data files and holds them hostage, offering to decrypt them if you pay a fee to the criminals. According to report by Torrent Freak- the SOPA virus holds all files on the host computer ransom.

“Your computer is locked!” the splash screen above warns, adding:

If you see a warning.txt or warning screen, it means your IP address was included in S.O.P.A. Black List. One or more of the following items were made from your PC:

1. Downloading or distributing audio or video files protected by Copyright Law.

2. Downloading or distributing illegal content (child porn, phishing software, etc.)

3. Downloading or distributing Software protected by Copyright Law.

As a result of these infringements based on Stop Online Piracy Act (H.R. 3261) your PC and files are now blocked.

The SOPA virus is so-called ransomware, meaning that it holds computers hostage and only promises to free data after victims hand over cash. In the U.S. and Canada people are instructed to pay with a MoneyPak prepaid voucher, and in other parts of the world they can use Western Union. Those who don’t pay within three days are in trouble, the virus maker warns. “WARNING!!!: If you don’t pay the fine within 72 HOURS at the amount of 200 USD, all your computer data will be erased.”

People who are affected should of course ignore all the above. Searching online for “Stop Online Piracy Automatic Protection System Removal”” is a better option, there are plenty of ways to defeat the resurrected SOPA and get your data back.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">SOPA Returns! Not From Congress But As a Ransomware Virus"https://www.voiceofgreyhat.com/2012/10/SOPA-Returns-Not-From-Congress-But-As-Ransomware-Malware.html</a>

"Ransomware" Infecting Master Boot Record & Preventing The OS From Loading

"Ransomware" Infecting Master Boot Record & Preventing The OS From Loading

Security experts at Trend Micro has find out ransomware which blocks systems from booting. A typical ransomware encrypts files or restricts user access to the infected system. However, it has been found that this particular variant infects the Master Boot Record (MBR), preventing the operating system from loading. Based on analysis, this malware copies the original MBR and overwrites it with its own malicious code. Right after performing this routine, it automatically restarts the system for the infection take effect. Users can, however, save themselves 920 hryvnia by following the experts' instructions for removing the infection. This essentially consists of running the recovery console from the Windows Installation DVD and restoring the original MBR using the fixmbr command.

Last February, certain attackers compromised the website of the French confectionery shop Ladurée to spread this malware. Users who visited the said site when it was compromised ended up with systems infected with TROJ_RANSOM.BOV. This variant was found to display a notification that impersonates the French National Gendarmerie and demands payment from affected users. The people behind this attack have also impersonated police notifications from Italy, Germany, Belgium, and Spain.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">"Ransomware" Infecting Master Boot Record & Preventing The OS From Loading"https://www.voiceofgreyhat.com/2012/04/ransomware-infecting-master-boot-record.html</a>

Ransomware Found on Hacked GoDaddy Sites, Infecting Thousand of Users

Ransomware Found on Hacked GoDaddy Sites, Infecting Thousand of Users 

Users who have their websites hosted by GoDaddy again fallen victim of cyber attack. Researcher at ShopsLabs reported that cyber criminals have managed to hack the DNS records of GoDaddy hosted websites and thus they infected a large number of GoDaddy users with ransomware. Fraser Howard, a Principal Virus Researcher of SophosLabs stated that the hackers behind these attacks are “exploiting DNS by hacking the DNS records of sites, adding one or more additional subdomains with corresponding DNS entries (A records) referencing malicious IP addresses. The legitimate hostname resolves to the legitimate IP address, but the added sub-domains resolve to rogue servers.” By doing so, the criminals are able to set-up URLs that seem legitimate, potentially sneaking through security filtering systems and duping Internet surfers into believing they are harmless, he explained in a Friday blog entry. In some instances, multiple subdomains were added to each user’s account, with each of them redirecting viewers to at least one malicious IP address.  

Go Daddy customers who wish to check they have not been affected by these attacks should check their DNS configuration according to the Go Daddy support page. 

As soon as the attack has been spotted in the wild, GoDaddy released a statement included below :-

"Go Daddy has detected a very small number of accounts have malicious DNS entries placed on their domain names. We have been identifying affected customers and reversing the malicious entries as we find them. Also, we're expiring the passwords of affected customers so the threat actors cannot continue to use the accounts to spread malware.
We suspect that the affected customers have been phished or their home machines have been affected by Cool Exploit as we have confirmed that this is not a vulnerability in the My Account or DNS management systems.
Go Daddy highly recommends that US- and Canada-based customers enable 2-Step Authentication to help protect their accounts. Details on how to set up this feature are located at http://support.godaddy.com/help/article/7502/enabling-twostep-authentication.
If a customer suspects their account may have an issue, we encourage them to contact Go Daddy Customer Care or fill out the form at the following link: https://support.godaddy.com/support/?section=support. "

While talking about GoDaddy and cyber attack, then we would like to remind you that, this may not have been the first hacking attempt against Go Daddy this fall. Couple of months ago, a hacker from Anonymous claimed to have taken down the domain registry and web hosting company. However, one day after the attack, Go Daddy denied they had been targeted by cyber criminals. Last year in September several GoDaddy sites were compromised, there also the reason was a malware. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Ransomware Found on Hacked GoDaddy Sites, Infecting Thousand of Users"https://www.voiceofgreyhat.com/2012/11/Ransomware-Found-on-Hacked-GoDaddy-Sites.html</a>