Ransomware is a type of malware that disables the victim’s ability to use their computer or access their data. It can use encryption, registry interference, rights and security modifications, or just plain old graphics overlays to accomplish its task. The attacker’s goal is to charge the user a fee to get access back and, sometimes, to obtain credit card information for sale on the black market or for further fraudulent spending.
Gregg Keizer at ComputerWorld is reporting that a new Trojan has hit the wild, woolly web, one that in this case tries to extort money from its victims by convincing them to dial expensive international telephone numbers to reactivate Windows. Once installed on a PC, the malware displays a message claiming that “This copy of Windows is locked. You may be a victim of fraud or there may be an internal error,” and that it must be reactivated. The computer will not boot into either normal or Safe mode. The victim is instructed to dial a long-distance number, then enter a six-digit code to reactivate the operating system. “The call from your country is free of charge,” the message falsely indicates.
The perps pretend to be Microsoft, and the telephone numbers actually lead to an automated call center where users are kept on hold for several minutes, racking up long-distance charges. F-Secure is trying to determine the location of the call center. The scammers make money through what F-Secure called “short stopping,” billing a call at a rate higher than the actual destination charges.
What can you do if you are the victim of a ransomware attack?
- You can pay these clowns, perpetuating the threat, losing the $30 – 200 that is typically charged, and risking more money by handing them your credit card details. (NOT recommended)
- You can install a good, reliable backup/restore mechanism. Windows restore points are often tampered with, so I suggest Comodo Time Machine, Symantec Ghost, or one of many others available.
- Tape backups are always a handy mechanism, provided you actually use them. Few will.
- Also, if you have another computer handy, you can google the message presented and eventually find its unlock code. In this case, F-Secure got the unlock code 1351236 from the call center.
“I hate the idea of paying money to these clowns,” said F-Secure’s representative. “Just enter that code.”