Some sneaky hackers have found a way to exploit people’s fears of the National Security Agency to get them to part with their money: Make them think they’ve been caught by “PRISM.”
A relatively new ransomware attack, discovered by the blog Malware Don’t Need Coffee, tells victims that their “computer has been locked” by the NSA, they’ve been caught downloading child porn, and they can make it all go away if they pay $300.
Screengrab via Malware Don’t Need Coffee
That’s not normally how child porn charges work. It’s not how PRISM works, either, though the public is still is little out of the loop on that program.
PRISM isn’t the farthest-reaching Internet surveillance tool in the NSA’s box. But due to its ominous name, its catchy logo, the fact that it was the second of former NSA contractor Edward Snowden‘s major leaks, it’s likely the best known. We do know that PRISM is made legal through section 702 of the Foreign Intelligence Surveillance Act, and that it’s used to see what non-Americans do on major U.S. websites like Gmail, Apple, and Facebook.
As Malware Don’t Need Coffee found, this “PRISM” scam is an updated version of a similar ransomware called Kovter. Distributed in March, Kovter adopted the Department of Homeland Security’s seal and gave users a similar spiel: You’ve been caught downloading child porn; pay us $300 to unlock your computer or face massive fines and a prison sentence.
Kovter’s far from the only scam that acts like law enforcement and pretends to catch users watching child porn to extort innocent people. A particularly vicious Australian scam hacks users’ webcams as they search for pornography, accuses them of looking at child porn, shows them their own picture, then demands a payout.