Your Browser is (not) Locked

December 17, 2014 – 7:35 PM

Most ransomware has a binary file that needs to be executed before it can infect your PC. Ransomware usually relies on social engineering or exploits to infect unsuspecting users. However, some malware authors are bypassing this requirement with a new trick – browser lockers.

Unlike traditional ransomware threats that lock the entire desktop, browser lockers only lock the web browser of an infected PC. Most other malware needs a user (or other malware) to manually run it. Browser lockers don’t need to be manually run, they don’t have a binary file and they are mostly written in JavaScript. The script runs in the web browser and its main purpose is to disable any form of action that can close the browser – such as clicking the close button and pressing certain shortcut keys (for example, Alt + F4). All attempts to close the browser will result in a warning message box, an example is shown in Figure 4.

Microsoft detects browser locker malware as Ransom:JS/Brolo and Ransom:JS/Krypterade.

Source:
http://blogs.technet.com/b/mmpc/archive/2014/12/17/your-browser-is-not-locked.aspx