The number of porn site-related ransomware, known as Kovter, has doubled during the past month from 7,000 infections to 15,000, security researchers at Damballa have found.
Kovter targets users of adult websites, taking control of their computer or mobile device, according to a blog post by threat researcher Gina Pimentel.
"The malware scans your browser history searching for adult websites and associated cached content, which it presents on the splash screen while locking your computer as ‘evidence’," she said.
Even if no adult site browsing history can be foud the malware creates that evidence by redirecting the user’s browser to a randomised porn site before logging and retrieving content.
Similar to other ransomware, Kovter takes control of computer, splashing a message that the user has broken law, scaring users that it could attract severe fines and prison.
Subsequently, it asks to pay a fine of around $300 before the deadline to continue using the system normally.
Pimentel from said like any good blackmailer, Kovter tries to shame its victims into silently paying the fine and keep their extortion attempts secret.
"It’s important to note that paying the ransom will not remove the malware from your system or restore your computer functionality in most cases," Pimentel said.
Threat actors Kovter ransomware ask their victims to pay through MoneyPak in the US while in other locations Ukash and paysafecard are used as payment method.
"These payment methods give attackers untraceable, readily accessible funds in electronic cash with no red tape," Pimentel added.