2013-07-28 - Evolution

Urausy Ransomware - July 2013 Design Refresh - "Summer 2013 Collection"

featured in Urausy

Urausy, the Ransomware spread by BestAV Affiliate, is showing new clothes since middle of july (thanks to @SecObscurity and @tachion24 for fast ping 2 weeks ago)

Patchwork of Urausy July 2013 Design Refresh 2013-07-27
(some are missing)

No more default Windows Logo, but always pretend this is done with the help of your antivirus (if one) company :

On the Left without antivirus - On the Right with an Antivirus (logo adapt)

<edit3 2013-08-24>
~~Seems now default is : Google.~~

Default "support" Logo 2013-08-24

Erratum : This is Stitur and end of 2013-08 could be date of appearance.
</edit3>

countdown (as in Reveton Winter 2012),

Urausy Countdown in US Design - 2013-07

more government representative (not for Germany here (?!) ) and some institution (CIRCL for LU, Mandiant for US). Logos for location where you can find voucher are now rotating.

Here are the Design I was able to gather

United Arab Emirates :

Urausy AE 2013-07

Austria :

Urausy AT 2013-07

Australia :

Urausy AU 2013-07

Belgium :

Urausy BE 2013-07

Bolivia :

Urausy BO 2013-07

Canada :

Urausy CA 2013-07

Switzerland :

Urausy CH 2013-07

Cyprus :

Urausy CY 2013-07

Czech Republic :

Urausy CZ 2013-07

Germany :
Note : I did no get the one we can see in blog.botfrei.de and which is more in line with the Design Refresh (thx @ericfreyss for the link)

Urausy DE 2013-07-27

<edit 1 : 2013-07-29>
Thanks to Maxstar here is it :

Urausy DE 2013-07-16

</edit1>

Denmark :

Urausy DK 2013-07

Ecuador :

Urausy EC 2013-07

Spain :

Urausy ES 2013-07

Finland :

Urausy FI 2013-07

France :

Urausy FR 2013-07

Great-Britain :

Urausy GB 2013-07

Greece :

Urausy GR 2013-07-29

Croatia :

Urausy HR 2013-07

Hungary :

Urausy HU 2013-07

Ireland :

Urausy IE 2013-07

Italy :

Urausy IT 2013-07

Luxemburg :

Urausy LU 2013-07

Latvia :

Urausy LV 2013-07

Mexico :

Urausy MX 2013-07

Netherlands :

Urausy NL 2013-07

Norway :

Urausy NO 2013-07

New Zealand :

Urausy NZ 2013-07

Poland :

Urausy PL 2013-07

Portugal :

Urausy PT 2013-07

Romania :

Urausy RO 2013-07

Saudi Arabia :

Urausy SA 2013-07

Sweden :

Urausy SE 2013-07

Slovakia :

Urausy SK 2013-07

Slovenia :

Urausy SL 2013-07

Turkey :

Urausy TR 2013-07

United States :

Urausy US 2013-07

Uruguay :

Urausy UY 2013-07

Some design are missing (PS, LB, JO, GR, etc...). I'll update once I have it.

Some Readings :
Urausy Lockscreen: Your computer will remain locked for 3 days, 11 hours and 20 minutes! - 2013-07-24 - Jaromir Horejsi - Avast
The missing link - Some lights on "Urausy" affiliate - 2013-05-29

Urausy Ransomware - Arab world targeted 2013-04-06

Urausy: Colorfull design refresh (+HR) & EC3 Logo 2013-02-09

Sample :
Designs (OwnCloud via goo.gl) (CC BY-ND)
14f95d3bce22add22389c9ccd6a6f3f2 (OwnCloud via Goo.gl) from this fiesta attack :

Fiesta Exploit Kit pushing Urausy via CVE-2010-0188

<edit1: 2013-07-29 - DE Design/>

<edit2 : 2013-07-29 + GR design />

