Police Locker Ransomware
Police Locker Ransomware: Scare Tactics Masquerading as Law Enforcement Fines
Police Locker Ransomware, also known as "Police Trojan" or "RansomLocker," is a type of locker ransomware that blocks access to a computer or mobile device and displays fake warnings from law enforcement agencies. It accuses victims of illegal activities, such as piracy or viewing inappropriate content, and demands a "fine" to unlock the device.
Introduction to Police Locker Ransomware
Unlike crypto-ransomware, which encrypts files, Police Locker Ransomware focuses on locking the device’s screen to prevent access. The malware uses scare tactics, claiming that the victim has committed crimes and must pay a penalty to avoid prosecution. Victims are instructed to pay via prepaid cards, cryptocurrency, or other anonymous payment methods, but payment often doesn’t guarantee the device will be unlocked.
1. How Police Locker Ransomware Works
Infection Mechanism:
Police Locker Ransomware typically spreads through:
- Malicious websites that trigger drive-by downloads.
- Infected email attachments claiming to be from authorities or legitimate organizations.
- Trojanized mobile apps and pirated software downloads.
Locking and Extortion Process:
Once installed, the ransomware:
- Locks the user out of their device, preventing access to files, programs, and settings.
- Displays a full-screen message claiming to be from law enforcement (e.g., FBI, Interpol, local police).
- Accuses the user of serious offenses like child pornography, copyright infringement, or terrorism-related activities.
- Demands payment of a "fine" (usually $100–$500) via prepaid cards such as Ukash or Paysafecard, or via cryptocurrency.
- Threatens criminal prosecution or jail time if the payment isn't made.
2. History and Notable Campaigns
Origin and Early Campaigns:
Police Locker Ransomware first emerged around 2011–2012 and became widely known as the "FBI Moneypak Virus." It initially targeted Windows PCs before evolving to affect Android devices as well.
Notable Variants and Campaigns:
- Reveton Trojan (2012): One of the most infamous Police Locker campaigns. It impersonated multiple law enforcement agencies around the world, tailored messages to victims’ locations, and demanded payments through Moneypak cards.
- Android Locker Variants (2014–2016): Extended the campaign to mobile devices, using scareware tactics on smartphones and tablets.
- Ransomware-as-a-Service (RaaS): Some Police Locker variants were distributed through RaaS platforms, allowing less-skilled cybercriminals to carry out attacks.
3. Targets and Impact
Targeted Victims and Sectors:
Police Locker Ransomware generally targets:
- Home users who may be more susceptible to scare tactics.
- Less tech-savvy individuals who may believe the accusations and pay the ransom.
- Mobile users downloading apps from unofficial sources.
Consequences:
Victims lose access to their devices and data. The psychological pressure of a law enforcement threat often coerces victims into paying quickly. Paying the ransom typically does not result in the device being unlocked, and victims are sometimes re-targeted.
4. Technical Details
Payload Capabilities:
- Screen Locking: Prevents access to the desktop or home screen, effectively locking out the user.
- Fake Legal Threats: Displays fake warnings impersonating law enforcement agencies, often tailored to the victim’s country or region.
- Payment Instructions: Provides directions for paying the “fine” through untraceable payment systems.
- Persistence Mechanisms: Some variants reinstall themselves on reboot or disable system recovery tools.
Evasion Techniques:
- Spoofs logos and branding of real law enforcement agencies for added credibility.
- Uses geolocation to display localized warnings in the victim's language, making the threat more convincing.
- Disables access to Task Manager, safe mode, or other system tools that could be used to remove it.
5. Preventing Police Locker Ransomware Infections
Best Practices:
- Avoid downloading files or apps from untrusted websites or third-party app stores.
- Be cautious when opening email attachments or clicking links from unknown senders.
- Keep operating systems and security software updated to patch known vulnerabilities.
- Enable app verification on mobile devices and only install software from trusted sources.
Recommended Security Tools:
- Reputable antivirus and anti-malware software with real-time protection.
- Mobile security solutions that scan apps and downloads.
- Content filtering and ad-blockers to prevent drive-by downloads from malicious sites.
6. Detecting and Removing Police Locker Ransomware
Indicators of Compromise (IoCs):
- Full-screen lock message claiming to be from law enforcement, blocking access to the device.
- Demands for payment via prepaid cards or cryptocurrency.
- Inability to access Task Manager, Control Panel, or Safe Mode.
Removal Steps (Windows PC):
- Reboot the computer into Safe Mode with Networking.
- Run a full system scan using updated antivirus or anti-malware tools to remove the ransomware.
- If standard removal tools fail, use a rescue disk or bootable antivirus to scan and clean the system.
- Restore system files from a backup if necessary.
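The evasion techniques in section 4 and the Windows removal steps above leave a checkable footprint. The following read-only triage script is an added example, not part of the original article; it assumes the standard Windows locations for the Task Manager and Registry Editor policy values, the Winlogon Shell value, the Run keys and the Startup folder, and it treats autostarts launched from user-writable folders as a heuristic signal rather than a signature. Run it as an administrator after booting into Safe Mode with Networking; it reports and does not remove anything.

```powershell
# Read-only triage for the Windows locker footprint described above (added example; not part
# of the original article). Run as an administrator from Safe Mode with Networking.
# Assumptions: the policy, Winlogon and Run locations are standard Windows registry paths;
# treating autostarts in user-writable folders as suspicious is a heuristic, not a signature.
$findings = @()

# 1. Policy values (1 = disabled) that lockers set so the user cannot kill the lock screen.
$policyKeys = @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
                'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System')
foreach ($k in $policyKeys) {
  foreach ($v in 'DisableTaskMgr', 'DisableRegistryTools') {
    $val = (Get-ItemProperty -Path $k -Name $v -ErrorAction SilentlyContinue).$v
    if ($val -eq 1) { $findings += "[POLICY] $k\$v = 1 (system tool disabled)" }
  }
}

# 2. Winlogon Shell normally reads explorer.exe; a locker may point it at its own binary so
#    the lock screen starts instead of the desktop (HKCU overrides HKLM if present).
foreach ($hive in 'HKLM', 'HKCU') {
  $wl = "$($hive):\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
  $shell = (Get-ItemProperty -Path $wl -Name Shell -ErrorAction SilentlyContinue).Shell
  if ($shell -and $shell -ne 'explorer.exe') { $findings += "[WINLOGON] $wl\Shell = '$shell'" }
}

# 3. Run-key autostarts whose command lives in a user-writable folder.
$suspectDirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC) | Where-Object { $_ }
$runKeys = @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run')
foreach ($k in $runKeys) {
  $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
  if (-not $props) { continue }
  foreach ($p in $props.PSObject.Properties) {
    if ($p.Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSDrive properties
    foreach ($d in $suspectDirs) {
      if ("$($p.Value)" -like "*$d*") { $findings += "[RUN] $k\$($p.Name) -> $($p.Value)"; break }
    }
  }
}

# 4. Anything dropped into the per-user Startup folder also survives a reboot.
$startup = [Environment]::GetFolderPath('Startup')
Get-ChildItem -Path $startup -File -ErrorAction SilentlyContinue |
  ForEach-Object { $findings += "[STARTUP] $($_.FullName)" }

if ($findings.Count -eq 0) { 'No locker footprint found in the checked locations.' }
else { $findings }
```

A [POLICY] or [WINLOGON] finding on a home machine that has no domain policy is a strong sign of the lock-screen behaviour this article describes; [RUN] and [STARTUP] entries need a look at the referenced file before anything is deleted.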
Removal Steps (Android Devices):
- Reboot into Safe Mode so that third-party apps cannot run.
- Go to Settings → Apps and uninstall the malicious app.
- Run a mobile antivirus app to ensure the infection is removed.
- If the ransomware persists, perform a factory reset (after backing up important data, if possible).
Professional Help:
For persistent infections or if unsure how to proceed, consult with cybersecurity professionals or IT support.
7. Response to a Police Locker Ransomware Attack
Immediate Steps:
- Do not pay the ransom; there’s no guarantee the device will be unlocked.
- Disconnect from the internet to prevent potential data exfiltration.
- Remove the malware using safe mode or professional security tools.
- Report the incident to local law enforcement or a cybersecurity agency, especially if financial loss has occurred.
8. Legal and Ethical Implications
Legal Considerations:
Although Police Locker Ransomware impersonates law enforcement agencies, it is entirely fraudulent. Victims may report the scam to law enforcement without fear of legal repercussions from the fake accusations.
Ethical Considerations:
This malware exploits fear and guilt, often targeting vulnerable populations. Cybersecurity awareness and education are essential to prevent users from falling for such scams.
9. Resources and References
- No More Ransom Project: Ransomware removal and prevention resources.
- Europol and Interpol Public Alerts on Police Locker scams.
- CISA Ransomware Guidance for reporting ransomware and online fraud.
10. FAQs about Police Locker Ransomware
Q: What is Police Locker Ransomware?
Police Locker Ransomware is a type of ransomware that locks a device’s screen and displays a fake law enforcement message demanding payment to restore access.
Q: How does Police Locker Ransomware spread?
It spreads through phishing emails, malicious websites, fake software downloads, and trojanized mobile apps.
Q: Should I pay the ransom if infected with Police Locker Ransomware?
No. Paying the ransom does not guarantee the device will be unlocked and may lead to further targeting by cybercriminals.
11. Conclusion
Police Locker Ransomware was one of the earliest forms of locker ransomware to use fake law enforcement threats as leverage. While less common today than more advanced crypto-ransomware, it remains a serious threat due to its reliance on fear and psychological manipulation. Awareness, secure computing habits, and strong security tools are the best defenses.