Posts Tagged ‘ukash’

Ransomware still a threat to Polish users

19 September 2013


During the summer holidays we observed an increased infection rate of ransomware. We mentioned this type of malware a few times already in the past (here is a description of similar malware and here is information detailing how to remove it from your computer). CERT Polska was able to acquire three samples of this malware from three different sources. In every case we were able to determine the infection vector. Most probably, all of the three samples were created by the same group of cybercriminals. One of the samples came from a hacked website in collaboration with CERT.GOV.PL, second sample was from a hacked website in .eu domain and the last sample was from a malicious advertisement from a .pl website. A case of malware on the governmental website was also a subject of our previous blog post.


Ransomware: how to remove it, even when the computer does not boot?

3 August 2012

ransomeware avatar

We have recently published an article (in Polish) about ransomware malware (mainly WeelsOf) spreading in Poland. This kind of ransomware was initally mentioned on the blog: It demands 100 Euro or 500 PLN in order to unlock our computer. We also published a UKash code generator that was suppose to fool malware and unlock our computer. Since then, we have encountered versions of this ransomware that simply did not unlock the computer no matter what kind of code was submitted. Below, we have compiled a few tips, both for advanced users and beginners, on how to remove ransomware, or malware in general. They should work even in cases when the computer will not boot.

Malware very often adds itself to the list of applications that start when operating system boots up. By doing so, it makes sure that when a user removes it during the system run, it will infect the machine again at another boot. The only solution is to prevent software from running at system start.

Below we present two methods of malware removal. The first one is to try and run the computer in safe mode and then use a free tool to inspect our system. The other one is to run the computer from a Rescue CD provided by one of the antivirus vendors. This is a method that one of our readers checked and recommended.


Ten komputer został zablokowany – ransomware żąda voucheru Ukash na 100 euro !

8 June 2012


W maju mieliśmy w Polsce do czynienia z infekcjami złośliwym oprogramowaniem, które blokowało dostęp do komputera, żądając wpłacenia okupu w zamian za usunięcie blokady. ‘Opłata karna’ wynosi 100 euro (można również dokonać dwóch płatności po 50 euro) i powinna zostać dokonana poprzez podanie numeru vouchera UKASH. Jak twierdzi wyświetlany na komputerze komunikat, kara ta wynika z tajemniczych przepisów o ‘kontroli informacyjnej oraz zabezpieczenia informacji’ z 2012 roku. Sam komunikat napisany jest poprawną polszczyzną i opatrzony logiem policji! (patrz zrzut ekranu poniżej). Programy antywirusowe oznaczają to zagrożenie jako ‘Trojan/Weelsof’.