Urausy first appear at the end of July. It was just another
Reveton "Me too" with a yellow square filled with a # instead of the "Camera" and targetting few countries : DE, ES, FR, UK, US (PT? see at the end)
Based on what i was able to see of the distribution, I had the feeling at that time, that it was a Reveton distributor trying to run his own business.
![]() |
Highlighted design of Urausy for US as of July/August
showing how you could visually distinguish it from Reveton |
Few weeks ago
Malekal spotted that the French design had the yellow square filled by hands cuffed going out of the screen of a laptop
At same time new country were being targeted : AT and CA
![]() |
Piece of the French Urausy Design with the yellow square
filled with the image of the hands cuffed |
![]() |
Screenshot I made for Botnets.fr of the
new Polish Design for Urausy spotted by Tachion |
So I decided to make a small trip accross Europe..and know that Urausy is now targetting (at least)
BE, CH, FI, IE (the ?
'Gaelic Ransomware' ), LU, SE and all other countries (RU, UA included) with an Interpol Design (for PT see at the end)
![]() |
| Urausy default Design (09-2012) impersonating Interpol |
Here are those design (you will find all known design on
Urausy page of botnets.fr)
![]() |
| Urausy LU (09-2012) |
![]() |
| Urausy FI (09-2012) |
![]() |
| Urausy CH (09-2012) |
![]() |
| Urausy BE (09-2012) |
![]() |
| Urausy SE (09-2012) |
And...Tada !! (yes. Overreaction, but As a "Ransom Art" lover I spent a full evening hunting it, when it was announced...without success. Note that Urausy has been tested and was showing the FBI Design, hence the "?" when i wrote the (?) Gaelic Ransomware)
![]() |
| Urausy IE (09-2012) The (?) Gaelic Ransomware |
One Md5 : 58c5971869a315f12f319232d1f84f87
Note1 :
Have trouble getting IP in Portugal. If anyone think he can help me catching new PT design for Urausy and Reveton drop a comment or contact me on twitter. Would be really appreciated.
Note2 : If you catch or hear about a Ransom Design that you can't find on Botnets.fr contact us via IRC or twitter. We are always happy to improve our collection.
.png)
.png)
