
‘Council of Europe’ Ransomware

Posted: February 5, 2014

Threat Metric

Threat Level: 10/10
Infected PCs: 9
First Seen: February 4, 2014
Last Seen: July 13, 2019
OS(es) Affected: Windows


The 'Council of Europe' Ransomware is a Trojan, currently identified as one of the possible aliases of the Linkup Ransomware, that blocks your Web browser by redirecting you to a fake security authentication page. By utilizing methods similar to the well-known DNS Changer to steal credit card information, the 'Council of Europe' Ransomware has marked itself as a fairly innovative PC threat, although its efforts are no more legitimate or legal than those of any other threat. Since the only thing paying the 'Council of Europe' Ransomware will do is give criminals free rein over your credit card, malware researchers find it preferable simply to remove the 'Council of Europe' Ransomware with any sufficiently-advanced anti-malware product.

The Council that's Giving You Bad Advice

In some ways, how well-informed a PC user is on matters of security may be determined by how they respond to a browser hijacking: one of the most common attacks against vulnerable PCs, with results that may range from 'nuisance' to 'incredibly damaging.' The 'Council of Europe' Ransomware is one of the latest PC threats to use a browser hijacker to harm casual Internet surfers. However, rather than redirecting you to a search engine, displaying advertisements or forcing other kinds of attacks, the 'Council of Europe' Ransomware uses its browser hijack as a means of displaying fake legal alerts.

The 'Council of Europe' Ransomware's modifications to your Web-browsing capabilities are based on changes to your baseline DNS settings that may affect all browsers without any discrimination. PC users may find their browsers redirecting to a fake Google page that claims that your Internet access has been blocked temporarily until you give it your MasterCard SecureCode. Supposedly, doing so allows for the temporary transfer of one Euro, which the 'Council of Europe' Ransomware claims will be refunded, as a security measure. What the 'Council of Europe' Ransomware really does is give criminals confidential financial data that they may exploit in future crimes.

The 'Council of Europe' Ransomware, as a general name for Trojans redirecting your browser to a specific Council of Europe warning message, currently is considered a version of Linkup Ransomware but may apply to other types of threats in the future.

Ransoming Your Browser from the 'Council of Europe' Ransomware without Cutting Your Card

Although you don't need to worry about the 'Council of Europe' Ransomware locking your desktop, blocking other programs or encrypting the files on your computer (all of which have been utilized by similar PC threats), the 'Council of Europe' Ransomware's ability to redirect your browser to fake warning pages is worrisome enough. Malware researchers also consider it likely that the 'Council of Europe' Ransomware may include Bitcoin-mining components that may cause major performance problems. Out-of-control Bitcoin-mining processes also have been associated with permanent damage to the host computer, which provides an important secondary reason for wanting to react to the 'Council of Europe' Ransomware with as much promptness as possible.

The 'Council of Europe' Ransomware is both recently-detected and designed to avoid being removed from your computer, like most advanced threats. Although it's up to you what other security protocols you wish to use to support the disinfection process, deleting the 'Council of Europe' Ransomware always should include the use of strong anti-malware programs that can detect all of its components accurately.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 167.93 KB (167936 bytes)
MD5: f1304992523cd68f7412a355d2fb9d5d
Detection count: 78
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: February 4, 2014

File name: pts2.exe
MD5: 7eb809d8ea5bfe602648752289669632
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: b.exe
MD5: 29eea4cd040bff1028d5b6092f22f9bf
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: j.exe
MD5: 2e9a71e4ee33d190056e081e6726fa56
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Additional Information

The following URLs were detected:

hxxp://62.75.221.37/uplink.php?logo.jpg
hxxp://hoseen45r.com/uplink.php?logo.jpg
hxxp://onetimes21s.com/uplink.php?logo.jpg
hxxp://setpec14rs.com/uplink.php?logo.jpg
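
As an added example (not part of the original entry), the URLs listed above can be matched against web-proxy logs to find hosts that contacted them. The log format `<timestamp> <client-ip> <method> <url> <status>` and the sample lines are assumptions constructed for illustration; the `ioc-pattern` verdict generalizes beyond the page by flagging the same path and query on hosts the page does not list.

```python
import re
from urllib.parse import urlsplit

# Indicators copied verbatim (defanged) from this page's URL list.
PAGE_URLS = [
    "hxxp://62.75.221.37/uplink.php?logo.jpg",
    "hxxp://hoseen45r.com/uplink.php?logo.jpg",
    "hxxp://onetimes21s.com/uplink.php?logo.jpg",
    "hxxp://setpec14rs.com/uplink.php?logo.jpg",
]

def refang(url):
    """Turn a defanged indicator (hxxp://, [.]) back into a parseable URL."""
    return re.sub(r"^hxxp", "http", url, flags=re.I).replace("[.]", ".")

IOC_HOSTS = {urlsplit(refang(u)).hostname for u in PAGE_URLS}
IOC_PATH, IOC_QUERY = "/uplink.php", "logo.jpg"

def classify(url):
    """Return 'ioc-host', 'ioc-pattern' or None for one requested URL."""
    try:
        parts = urlsplit(refang(url))
    except ValueError:          # unparseable URL field
        return None
    if (parts.hostname or "") in IOC_HOSTS:   # hostname is already lower-cased
        return "ioc-host"
    if parts.path.lower() == IOC_PATH and parts.query.lower() == IOC_QUERY:
        return "ioc-pattern"    # same path and query, host not listed on the page
    return None

def scan(log_lines):
    """Return (client, url, verdict) for every matching line; short lines are skipped."""
    hits = []
    for line in log_lines:
        fields = line.split()
        verdict = classify(fields[3]) if len(fields) >= 5 else None
        if verdict:
            hits.append((fields[1], fields[3], verdict))
    return hits

# Constructed sample log lines (not real traffic); format is an assumption.
SAMPLE_LOG = [
    "2014-02-05T10:01:02Z 10.0.0.21 GET http://example.org/index.html 200",
    f"2014-02-05T10:01:09Z 10.0.0.21 POST {refang(PAGE_URLS[1])} 200",
    f"2014-02-05T10:02:30Z 10.0.0.34 GET {refang(PAGE_URLS[0])} 200",
    "2014-02-05T10:03:11Z 10.0.0.40 GET http://example.net/uplink.php?logo.jpg 404",
    "malformed line",
]
```

Calling `scan(SAMPLE_LOG)` returns the three matching requests with the client address that made each one, which identifies the machines to inspect.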
The following messages were detected:

1. Council of Europe Virus
Internet access is temporarily blocked.
The Provisions of the fight against sexual exploitation of children and child pornography on the Internet complies with the provisions of a EU Council decision from December 2003. It gives the police powers to arrest those who are responsible for child online pornography, calls for the creation of the National Centre to combat child pornography on the Internet and establishes the Internet Service Providers have a legal obligation to adopt a filtering system to avoid access to sites censored by the Centre. To unlock access to the Internet, we need to establish you identity and submit your personal information to the registry.

2. Internet access is temporarily blocked.
To verify your identity we need more information. Please enter your credit card information, we will deduct from your credit card 0.01 EUR and return them back within an hour. With this verification procedure, we can identify you and add your personal information to the registry, access to the Internet will be unlocked.
