In recent weeks, reports have been coming in of ransomware appearing on some infected Irish computers. It uses (poorly translated) Irish language in a message that claims the user’s computer has been locked – either by Garda or by some government agency – for some alleged illegal activity, such as downloading illegal content or distributing malware, and can only be unlocked if a €100 fine is paid within 72 hours via some convenient online payment service.
The ransomware “as Gaeilge” in this case is just one of several localisations by the cybercriminals, as the same content also targeted computer users in the UK, Holland, Poland, Spain, France, Belgium, etc., adapting the language to the locations of the victims. (In one case the scammers even made a mistake and mixed up the Irish .IE and Iranian .IR domains, which resulted in Irish computers displaying Iranian text.)
This is of course all fake, as no official institutions would use such methods for fining offenders, but several of these messages are accompanied by the Garda logo or an Irish flag, to make them appear legitimate. The malware will usually not “unlock” an infected computer even if the victim sends money to the required address, and the computer will remain infected until it is properly cleaned by an expert.
Irish computer users who get infected by this or similar extortion scam malware are therefore advised to:
- NOT transfer ANY funds to the scammers
- NOT attempt to remove the infection with “removal tools” a web search may offer, as many of those are themselves malicious and often infected
- have a professional clean their computer with legitimate virus-removal software
ESET users are protected from infection with this particular malware, as ESET recognises it as a variant of Win32/Kryptik.ALXA and prevents its installation.