2012-09-22 - Evolution

Urausy has big plan for Europe - Targeting 3 new countries among which Norway!

After adding a default Interpol design and new countries BE, CH, FI, IE (the ? 'Gaelic Ransomware' ), LU, SE past week, Urausy is now showing dedicated clothes to 3 new countries:
GR, DK, and NO (First - or not..see edit at the end - ransomware targeting Norway, hence this post)

Urausy - NO - 09-2012

Urausy - GR - 09-2012

Urausy - DK - 09-2012

The localisation work for this Ransomware is becoming really impressive.
Look by yourself :

Design Available for Urausy on 09-2012
Screenshot of Botnets.fr Gallery

In my opinion they are adding countries based on the hit number by country on the Interpol design
<edit> Urausy is not the only one to target Norway. Spotted Gimemo this morning, but maybe this is not that new.

Gimemo NO Landing (09-2012)

NO landings : https://www.botnets.fr/index.php/Landings_NO
Gimemo landings : https://www.botnets.fr/index.php/Gimemo
</edit>
<edit2>
Here : 2 fiddler file allowing to see how the EK spreading Urausy since months works. http://dl.dropbox.com/u/106864056/Urausy_fiddlers.zip
</edit2>
<edit3 28/09/12>Tobfy/Ysreef now showing sames clothes than Urausy (See botnets.fr/index.php/Tobfy ) </edit3>
<edit4 29/09/12> 2 new countries spotted : Czech Republic and Cyprus.

</edit4>
<edit5 04/10/12> 3 new countries targeted : Australia (First Police lock?) Latvia (First time?) and Romania

</edit5>
<edit6 15/10/12>
Slovenia design spotted :

Urausy SI (10-2012)

</edit6>
<edit7 26/10/12> 2 new countries targeted and it's the first Ransomware targeting them:
Hungary and Slovakia

</edit7>

As usual, if you want to see more, you'll find all Urausy design, some http requests and md5 hashes on Botnets.fr/index.php/Urausy

Post publication Reading :
The missing link - Some lights on "Urausy" affiliate 2013-05-29