Ransomware attack led animal porn collector to confess to police

Posted on

A UK man has been given a non-custodial sentence this week, after a ransomware infection on his computer led him to report himself to police. The man’s computer held several hundred animal porn images, described in court as “extreme” and “revolting”.

According to local news reports, 61-year-old Victor Anthony Noble, now a resident of Scotland, was living in the Cumbrian village of Warwick Bridge in 2013, when his PC was hit with what sounds like a fairly typical ransomware attack of the low-grade screen-locking variety.

Unlike the more destructive cryptoware of recent years such as CryptoLocker orCryptoWall, this type of attack leaves your files intact, instead attempting to simply lock you out of your system and demanding a ransom to unlock it.

Typical techniques used to encourage payment include suggestions that illegal software, media or browsing has been detected, and that failure to pay up will result in your behaviour being reported to law enforcement.

In many examples, the malware pretends to be a message from police or FBI monitoring systems, to give a little extra weight to its scare tactics. Some variants, such as Reveton, even try to work out which police force to masquerade as, depending on your location.

In Mr Noble’s case, although he paid the £100 demanded, the promised unlocking was not provided, a fairly likely circumstance considering the moral background of those operating the scam.

So, Noble decided the game was up and handed himself in to local police, reporting to them the extensive stash of unsavoury images, which apparently mostly featured people “engaging in sex acts with animals” including horses, dogs and pigs.

Although he admitted downloading almost 600 images, Noble claimed to have no memory of ever actually viewing them.

The incident took place in May 2013, with Noble appearing before Carlisle magistrates in December 2014 and then at Carlisle Crown Court in March this year. He pleaded guilty to five counts of possessing extreme pornography, and was returned for sentencing this week.

He has been ordered to submit to a 12-month supervision order.

This is not the first case where a ransomware infection has tricked its victim into giving themselves up to the cops; also in 2013, a similar set of circumstances led a Virginia man to confess to the police, although in his case his guilty conscience was down to a collection of child abuse images.

For the most part, lockscreen ransomware can be recovered from fairly successfully with the right know-how, usually by booting from independent media such as a live Linux distribution or in some cases just using Windows Safe Mode to bypass and disable the threat.

Quality anti-malware software and a regular patching regime should offer up-front protection from most variants too, but it’s important to keep backups of your important files just in case something slips past your defences, especially if it ends up being a file-encrypting attack – even those which make a mess of their cryptography can be a real pain.

Ransomware attack led animal porn collector to confess to police
Ransomware attack led animal porn collector to confess to police

Social engineering techniques, whether arriving via email or appearing in popups displayed by malware or dodgy web pages, regularly leverage fear and guilt to hustle us into rash actions, such as paying ransoms.

If you do get infected with ransomware, try to keep calm and apply some logic to the situation – no law enforcement agency really tries to impose spot fines via the internet.

Of course, if you have something real to feel guilty about, it’s usually a good thing to get it off your chest, and if you end up ‘fessing up to the police, at least you’ll get the benefit of proper justice, rehabilitation and, if necessary, psychiatric help.

One has to feel sorry for the poor police techs who have to wade through all this nasty stuff to gather evidence.

Source:https://nakedsecurity.sophos.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s