Irish Ransomware Report

Well, that was a little unexpected. The Irish Times has reported the discovery of the “first Irish language virus”. (Further checking suggests that the story may have originated with the Donegal Daily.)

Actually, it sounds less like a virus – there’s no indication of whether it self-replicates – than the kind of ransomware that we’ve seen elsewhere, where the victim’s computer is locked and he then sees a message telling him that he’ll have to pay to get it unlocked.

In this case, however, the story goes that the victim is told he has – or may have – accessed pornography, and that his machine has been locked by an Irish government agency. And the message is apparently in Irish, though according to the computer tech/repairer from whom the story comes, it reads as if some form of automatic translation software has been used. It contains a logo incorporating the Irish flag and apparently looks convincingly official apart from the wording. But then bureaucrats are not always known for the quality of their writing.

The reports I’ve seen to date imply that the thing has been dubbed “as Gaeilge” or just “Gaeilge”, which would be a terrible name for a malicious program, since as far as I know it simply refers to the version of the Gaelic language they use on that side of the Irish Sea. If it were to catch on, I suspect that there would be some confusion with the “Irish Virus” hoax/joke, which looks something like this:

You have just been infected with the “IRISH VIRUS”.

This virus works on the honour system. Please delete all the files on your hard drive manually and forward it to everyone on your mailing list.

(Believe it or not, there are actually anti-virus company web sites that list that as a malicious hoax and warn their readers not to spread it. I guess they have less faith in the intelligence of their customers than ESET does.)

There’s also another use for the term “Irish virus” which has nothing to do with IT security but is even more disrespectful towards the Irish as a nation, so I won’t mention it further.

It seems a little strange to have talked more about mythical malware than about what appears to be the real thing, but so far, I haven’t seen any indication that any security company has seen it, let alone shared a sample, so I can’t confirm any of the characteristics described above.

If anyone who’s actually seen the thing cares to submit a sample to an AV company, we’d be more than happy to take a look at it. It doesn’t have to be ESET – AV companies don’t jealously refuse to share real threats with other companies in the hope of getting some competitive advantage – but ESET does have a documented (and quite simple) process for submission as described here. In the meantime, my friend Urban Schrott of ESET Ireland and his colleagues are also looking into this issue, and we’ll report back here if there’s anything to add.

In the meantime you might also derive some amusement from a story we joined forces on a while ago, regarding an Irish language 419 scam: Irish 419-er seeks Spanish Lady

ESET Senior Research Fellow
