Browser lockers are also known as browlocks, are a class of online threats that prevent the victim from using the browser and demand a ransom.
A locker is a fake page that tricks the user, under a fabricated pretext (loss of data, legal liability, etc.), into making a call or a money transfer, or giving out payment details.
The “locking” consists of preventing the user from leaving the current tab, which displays intimidating messages, often with sound and visual effects.
Scammers include imitating the “blue screen of death” (BSOD) in the browser, false warnings about system errors or detected viruses, threats to encrypt files, legal liability notices, and many others.
The two families of lockers spread mainly via advertising networks, primarily aimed at selling “adult” content and movies in any intrusive manner.
For example, through tabs or windows that open on top of the visited site when loading a page with an embedded ad module (pop-ups) or after clicking anywhere on the page.
Most probably cybercriminals pay for ads to show browser lockers in pop-ups.
What does the Victim see?
On landing on a fake browlock site, the user typically sees a warning, allegedly from the browser, saying that if they leave the page some changes might not be saved.
If the user simply closes the tab, nothing happens; but if they click anywhere on the page, the main content of the locker expands to full screen.
Therefore, an imitation of a computer screen with an open browser appears in front of the user: at the bottom is a taskbar with the Google Chrome icon, and at the top is an address bar displaying the real URL of the MVD.
The notification on the page states that the device has been locked due to a violation of the law. Under the pretext of a fine, the victim is instructed to transfer a certain amount to a mobile account, ranging in size from 3,000 to 10,000 rubles (US$40–130).
In case of refusal, the ransomware threatens file encryption, as well as criminal liability under Article 242 of the Russian Criminal Code. The page is accompanied by an audio recording with threats and a demand to pay the fine.
The threat is quite primitive and aims to create the illusion of locking the computer and threaten the victim. Landing on such a page by mistake will not harm the user’s device or data, as long as they do not fall for the cybercriminals’ smoke-and-mirror tactics.
If the user panics, they could lose money. Don’t panic it won’t harm your device.