A US child abuse image collector turned himself in to local police earlier this month, after ransomware hit his PC and showed messages warning him that the FBI were on to his nasty activities.
Jay Matthew Riley, 21, of Woodbridge, Virginia, was apparently hit by the ransomware attack while surfing the web to add to his collection of unsavoury images.
As is usual with such malware, he was shown a warning demanding cash in return for keeping quiet about his suspicious activities.
Having spent his time on the seedier side of the web rather than educating himself about security, he believed the message really originated from the FBI as it claimed, and decided to head down to the police station to confess, taking his computer with him.
He handed his machine over to cops in Prince William County on July 1st, and they quickly found his stash of explicit pictures of underage girls. His home was then searched and several other devices gathered up, and he was arrested. He’s now being held without bail.
According to Sophos, the malware in question sounds like the common Reveton threat, and certainly didn’t use cryptography complex enough to keep the local law enforcement out.
Whatever it was, it seems like a rare example of a cyber attack bringing about a morally happy ending.
On the other hand, it’s clear that despite all the best efforts of the security community, the message about this kind of scam is still not fully hitting home.
So, if you see an alert claiming you’ve been rumbled for illicit downloading or other online infractions, it’s not really from your local equivalent of the FBI, and the “fine” is not a fine, just another attempt by cybercrooks to get their hands on your cash.
Of course, if you are a paedophile, feel free to head down to the local police station, where they should be able to help.
Article by John Hawes. John is Technical Consultant and Test Team Director at Virus Bulletin, running independent anti-malware testing there since 2006. He wrote this for Sophos http://www.sophos.com Naked Security: http://nakedsecurity.sophos.
