- Threat Encyclopedia
- Malicious URL
- http://tools.{BLOCKED}ation.com/ib2/
TROJ_RANSOM.BOV connects to this site to get the IP address, geographical location, city, and ISP of the affected system. Systems got infected with this malware when they visited the site of the French confectionery shop Lauderee. The variant was found to display a notification that impersonates the French National Gendarmerie and demands payment from affected users.