Trojan-Ransom.Win32.PornoAsset

Detect Date 11/20/2015
Class Trojan-Ransom
Platform Win32
Description

This malware blocks user access to the operating system and replaces registry information about the system Explorer process (explorer.exe) with references to itself.

The next time the operating system loads, a banner appears and states that the computer has been blocked due to viewing of pornographic materials. To unblock the computer, the malware asks the user to transfer the amount being extorted by the attacker (the “fine”) to the phone number indicated in the banner.

pornoasset_eng

Geographical distribution of detections during the period from 20 November 2014 to 20 November 2015

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 Russian Federation 38.66
2 India 8.06
3 Vietnam 6.60
4 Germany 3.62
5 USA 2.76
6 Kazakhstan 3.81
7 Algeria 3.48
8 Ukraine 2.91
9 Iran 2.84
10 France 1.35

* Percentage of all unique Kaspersky users attacked by this malware