
Tech support scams evolve, borrow tricks from ransomware creators


Ransomware continues to evolve, and it is becoming more and more of a challenge for the general public to stay shielded from such threats and for security experts to stay on top of the new strains being found in the wild.

It is not just the malicious code itself, however, which is a problem. Now, support scammers are taking tips from ransomware developers to make their own fraudulent schemes more sophisticated and successful.


Ransomware is a particularly virulent type of malicious code which, once installed and executed on a vulnerable system, encrypts the contents of a PC and demands payment — usually in Bitcoin — in exchange for a key to decrypt files and return access to a victim.

Countless ransomware families such as CoinVault, TeslaCrypt, and Petya generate a fortune in fraudulent revenue every year for their operators, who target not only the average consumer but also businesses, hospitals and transport networks without thought.

In the past, tech support scams have often taken the form of simple cold calls and malware-based fake alerts which attempt to frighten PC users into thinking their PC needs a “clean” from companies such as Microsoft. More recently, screen lockers have also emerged.

Tech support scams have now gone a step further and have taken a page out of the ransomware book in a new effort to frighten users into paying up for a fake service, according to researchers from Malwarebytes.


The new twist was discovered after tracking the “Vindows Locker” ransomware which appears to be true ransomware that encrypts your files. However, the standard blackmail note — which often portrays the malware as a government agent, law enforcement or similar groups — demands a $349 ransom not in Bitcoin, but as a payment made to a supposed Microsoft technician.

The ransom note displays a phone number which, if called, leads to a team of Indian support scammers who promise to decrypt your files in return for the fee. However, pay up or not, those files are not going to be decrypted by them.

There is little that is particularly interesting about Vindows Locker: the malware is written in C#, is mildly obfuscated, encrypts files with AES and adds the .vindows extension to each one.

However, the malicious code does contain one unusual element: the abuse of Pastebin’s API to establish communication between the ransomware and the operator’s command-and-control (C&C) center.

The malware is not sophisticated, and neither do its creators appear to be. Mistakes in how cryptography has been applied to lock files have allowed the Malwarebytes team to create a decryptor for victims.
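The two traits described above, the .vindows extension and traffic to Pastebin's API, can be combined into a simple host triage check. The following is an added example, not code from Malwarebytes or the original article; the log format, host names and thresholds are assumptions, and Pastebin API traffic on its own can be legitimate, so it is reported as a lead rather than a verdict.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs): "<time> <host> <kind> <detail>"
SAMPLE = r"""
2016-11-29T03:20:01 pc-17 proxy POST https://pastebin.com/api/api_post.php
2016-11-29T03:20:04 pc-17 file C:\Users\a\Documents\budget.xlsx.vindows
2016-11-29T03:20:05 pc-17 file C:\Users\a\Documents\notes.txt.vindows
2016-11-29T03:20:06 pc-17 file C:\Users\a\Pictures\cat.jpg.VINDOWS
2016-11-29T03:21:10 pc-22 proxy GET https://pastebin.com/raw/EXAMPLE1
2016-11-29T03:22:00 pc-22 file C:\Users\b\Desktop\report.docx
2016-11-29T09:00:00 pc-30 file C:\Temp\old.vindows
"""

EXT = ".vindows"                              # extension named in the article
API = re.compile(r"^https?://pastebin\.com/api/", re.I)  # Pastebin API paths
BURST, WINDOW = 3, timedelta(seconds=60)      # assumed thresholds, tune locally

def parse(text):
    """Yield (timestamp, host, kind, detail) from the assumed log format."""
    for line in text.strip().splitlines():
        ts, host, kind, detail = line.split(" ", 3)
        yield datetime.fromisoformat(ts), host, kind, detail

def triage(text):
    """Return {host: sorted findings} for hosts worth investigating."""
    stamps_by_host, findings = defaultdict(list), defaultdict(set)
    for ts, host, kind, detail in parse(text):
        if kind == "file" and detail.lower().endswith(EXT):
            stamps_by_host[host].append(ts)
        elif kind == "proxy":
            _method, url = detail.split(" ", 1)
            if API.match(url):
                findings[host].add("pastebin_api")
    for host, stamps in stamps_by_host.items():
        stamps.sort()
        # Sliding window: BURST .vindows files inside WINDOW suggests
        # active encryption rather than a stray leftover file.
        for i in range(len(stamps) - BURST + 1):
            if stamps[i + BURST - 1] - stamps[i] <= WINDOW:
                findings[host].add("vindows_burst")
                break
        else:
            findings[host].add("vindows_file")
    return {host: sorted(found) for host, found in findings.items()}

if __name__ == "__main__":
    for host, found in triage(SAMPLE).items():
        print(host, found)
```

A host showing both `pastebin_api` and `vindows_burst` is the strongest candidate for isolation; a lone `vindows_file` is more likely a remnant of an earlier infection.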

As always, you should never pay up if you are infected with ransomware; there is no guarantee you will be able to rescue your content and doing so only encourages this trend to continue.

(via PCMag)
