Geolocation: Ransomware Delivers Targeted Messages

It may surprise you to know that ransomware now uses geolocation tech to customize payloads and then target individuals.

Geolocation, for those who don't know, obtains an approximate location of a connection by referencing a device's IP address against several databases. Those databases are maintained by Internet Service Providers as well as Traffic Detection Services, all of which keep records of the places where an IP address has been used. Geolocation data in its present form doesn't provide the actual address of an Internet-connected device, but it can get within ten miles of a device's location.

This geolocation information is then used by the extortionists to direct ransomware to specific regions where they believe they can score a big return. They might use geolocation to customize ransom messages for each target region, so that victims are fooled into thinking a fraudulent email actually leads to the info they want regarding changes to their regional bank, for instance.

Further, ransomware distributors can now target regions or countries with a higher average level of income, such as Japan, the United States, and Europe, where users are more capable of paying more than $500 to get the keys to decrypt their data.

Geolocation & Customization

Ransomware uses geolocation to customize the vernacular as well as the content of the ransom message it displays to a user. Cybercriminals know that it will be a lot easier to get paid if their victims do not need to translate their messages first, so they write ransom messages in the language used in the victim's region. Certain ransomware also checks the language settings on the computer, in addition to using geolocation information, so that it uses the correct language.

A variety of ransomware threats have included false claims, purporting to come from law enforcement agencies, that users have conducted illegal activities such as downloading copyrighted movies or music. Those that falsely claim to be from a law enforcement agency have the highest chance of success when the agency they claim to represent is one that does have jurisdiction over their intended victim. This ransomware locks the device until the "fines" are paid to the extortionists. Such schemes use geolocation to choose which law enforcement agency is named in the particular ransom message.

As we have said time and again, the basic rules of data protection always apply. Avoid phishing emails that lead you to fraudulent sites. Back up your data with a secure, reliable provider. Take the time to check out any invitation to click on links or to upgrade apps or browsers, simply by hovering over the link to see the full URL. More often than not, you'll find suspicious words in the URL you are being encouraged to use. Ransomware of any variety feeds on fear, as well as the motivation to move fast to avoid danger. Instead, slow down and take the time to look for any hints of trouble.
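The hover check described above can also be run automatically over an HTML message body. The sketch below is an added example, not code from the original post; the keyword list, function names and sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed keyword list for illustration; tune it to the lures you actually see.
LURE_WORDS = ("login", "verify", "secure", "update", "account")
SHOWN_HOST = re.compile(r"(?:https?://)?[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}", re.I)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    """Lower-cased host of a URL, or of bare text such as 'www.site.example'."""
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def check_link(text, href):
    """Return reasons the real destination deserves a closer look."""
    reasons, host = [], host_of(href)
    shown = SHOWN_HOST.search(text)
    if shown and host_of(shown.group(0)) != host:
        reasons.append("visible text names a different host")
    if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
        reasons.append("host is a raw IPv4 address")
    if any(word in host for word in LURE_WORDS):
        reasons.append("host contains a lure keyword")
    return reasons

def scan(html):
    collector = LinkCollector()
    collector.feed(html)
    # Only http(s) links are checked; mailto: and similar hrefs are skipped.
    return {href: check_link(text, href) for text, href in collector.links
            if href.lower().startswith(("http://", "https://"))}

# Constructed sample; hosts use reserved documentation names and addresses.
SAMPLE = """<a href="http://203.0.113.7/mybank/">www.mybank.example</a>
<a href="https://mybank.example.secure-login.test/">Review changes</a>
<a href="https://www.mybank.example/news">www.mybank.example/news</a>"""
```

An empty list only means none of these three heuristics fired; it is not a verdict that the link is safe.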

Olé Crypto,
