Browlock Redirects Via Google Image Search
We saw a website offering up a downloadable version of what they claim is Telltale’s Back to the Future game. The site had apparently been hacked, allowing those who compromised it to add redirect code onto the website.
As a side effect of this, clicking on their image via the initial returned results from a Google image search while using Chrome will mean your browser is redirected to a Browlock scam page, complete with dire warnings placed on top of the preview image which is now adrift in a sea of fakery:
As you can see, we’re looking at a typical “Your PC has been encrypted, pay us money to return your files” message – the translation of which can be seen over on the F-Secure website – and depending on your browser set up, you may have a few problems getting rid of the page. For example:
Once the box is on the screen, there is no way to open another tab or indeed navigate to one that is already open. For similar reasons, you won’t be able to close the browser either. The browser is trapped in a loop of confirmation pop-up boxes and our old friend CTRL+ALT+DEL will be required to kill the browser in Task Manager.
The end-user isn’t under too much risk here – the scam page is simply pretending that the PC has had all files encrypted, and wants them to pay up to get their hands back on valuable personal data. There have been instances in the past where Fake AV has taken advantage of image search and caused problems for Mac users, and here’s a YouTube video of the Windows equivalent.
In this case, if you’re ever able to get the pop-up out of the way AND close the image AND open up the vanilla website AND read the Russian text…you should close the browser via the wonder of Task Manager and go do something else anyway. Your data is safe, no need to hand over cash to scammers!