Ransomware Part III: another drop of the Irish

I’m caught up this week in a lengthy internal meeting, and next week with Virus Bulletin in Dallas, but I couldn’t resist a quick follow-up to the Gaelic ransomware posts here and here. The indefatigable Kafeine (heartfelt hat tip!) has laid his hands on another copy of the scam message, and this time it does come complete with Irish flag (and, to my eye, much the same social engineering).

The malware is currently detected by 9/41 vendors, according to VirusTotal, and the hash is 1946d4508691a113651a4ef202ba15fe.

If you’d like to get some information on this particular branch of the graphic design cottage industry, complete with a nice range of other designs in a range of languages (including English), you might want to check out Kafeine’s post here (and Malekal’s – in French – on Ransomware « Trojan.Casier » Panel). I must admit that the post appeals immensely to my inner philatelist, as well as providing me with some interesting info on an aspect of this type of malware that I hadn’t really looked at before.

There’s also an example of a particularly fine miscommunication between designer and scammer: a design in Iranian targeting Irish speakers. Now there’s an Irish joke worth a shot or two of uisce beatha. Unless they know something about the ethnic makeup of the Irish population that I don’t.

Meanwhile, I look forward to the first design in Welsh. Iechyd da!

ESET Senior Research Fellow
