Many types ransomware are making news now-a-days,one of them is browserlock. Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Some forms of ransomware encrypt files on the system's hard drive, while some may simply lock the system and display messages intended to coax the user into paying.
Below is a Javascipt code found in the ransomware that disables certain keyboard functions:
The browser then displays a pop up saying 'YOUR BROWSER IS BEING LOCKED UP FOR SAFETY PURPOSES.ALL THE DATA ON YOUR COMPUTER IS UNDER ARREST.' If the user selects 'Leave this page' same message it showed to the user again. If the user selects to 'Stay on this page' he is not able to do anything on the page except to fill in the ransom voucher.
It also has a countdown timer which threatens the user to pay the ransom within a certain time period. When the countdown expires following pop up is displayed
After clicking ok the user still cannot leave the page.
If the user enters wrong Moneypak voucher number following pop up is displayed
When a correct voucher is entered followed pop up is displayed and a POST request is sent to the attacker's website. The POST sends the user entered voucher number, amount and the IP of user's machine along with other information. After clicking ok the user is still not able to close the browser
Browserlock ransomware request looks like this :
DELL Sonicwall threat research team has implemented following signature to prevent this attack.