In the past few weeks we have been following the relatively new "police ransomware" family we call Trojan:HTML/Browlock. This ransomware is very simple, and just uses the browser to display a lock screen demanding the victim to pay a fake fine and plays tricks to prevent closing the browser tab.
Since we first saw it targeting folks in the US, Canada, and UK, we have been expecting it to expand to new countries. As expected, users in other regions are now seeing a localized message from their local law enforcement.
Here are the lock screens for Browlock as seen from different countries:
Almost all the ransomware families seem to have great difficulties in finding a translator to create localized lock pages with good quality. Readers that pay close attention (okay, any attention is probably enough) will notice some slight problems with the German localization:
For Canadians, the design of the lock screen has stayed roughly the same:
We did notice that the fine has dropped from 250 CAD to 150 CAD compared to a previous lock screen below. It seems that in today's economy, even ransomware victims can't be expected to pay up such high prices.
While the domain names change, all of the lock screens are currently being hosted on a single server in St. Petersburg:
We detect the lock screen as Trojan:HTML/Browlock.A.