Novel ransomware tactic locks users’ PCs, demands that they participate in a survey to get the unlock code

By Dancho Danchev

From managed ransomware as a service ‘solutions to DIY ransomware generating tools, this malicious market segment is as hot as ever with cybercriminals continuing to push new variants, and sometimes, literally introducing novel approaches to monetize locked PCs.

In this case, by forcing their users to complete a survey before they receive the unlock code.

More details:

Sample screenshot of the actual advertisement at a cybercrime-friendly international underground marketplace:


Its customers are able to add up to two survey links allowing them to earn more revenue from the ransomware victims who would be unwillingly participating in the surveys. The ransomware blocks the Task Manager, CMD, Regedit and the Start Menu. Its author accepts Bitcoin.

Despite the fact that the ransomware doesn’t pose any sophisticated features — bypassing signatures based antivirus scanning is not a feature, it is an every day reality — it provides and example of an efficient business model aiming to utilize cost-per-action (CPA) affiliate networks in an attempt to generate revenue for the market participants.

We’ll continue monitoring the development of this ransomware, and most importantly, whether or not this monetization model will scale across the international underground marketplace.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.

2 thoughts on “Novel ransomware tactic locks users’ PCs, demands that they participate in a survey to get the unlock code

  1. Pingback: ste williams » Internet evildoers stitch together vile ransomware-survey scam chimaera

  2. Pingback: New type of ransomware requires completing surveys - SecurEncrypt - HIPAA/HITECH File Encryption Software

Join the Conversation

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s