Tech support scams evolve, borrow tricks from ransomware creators


Malwarebytes

Ransomware continues to evolve, and it is becoming more and more of a challenge for the general public to stay shielded from such threats and for security experts to stay on top of the strains being found in the wild.

It is not just the malicious code itself, however, which is a problem. Now, support scammers are taking tips from ransomware developers to make their own fraudulent schemes more sophisticated and successful.

Ransomware is a particularly virulent type of malicious code which, once installed and executed on a vulnerable system, encrypts the contents of a PC and demands payment — usually in Bitcoin — in exchange for a key to decrypt files and return access to a victim.

Countless ransomware families such as CoinVault, TeslaCrypt, and Petya generate a fortune in fraudulent revenue every year for operators, who target not only the average consumer but also businesses, hospitals and transport networks without thought.

In the past, tech support scams have often taken the form of simple cold calls and malware-based fake alerts which attempt to frighten PC users into thinking their PC needs a “clean” from companies such as Microsoft. More recently, screen lockers have also emerged.

Tech support scams have now gone a step further and have taken a page out of the ransomware book in a new effort to frighten users into paying up for a fake service, according to researchers from Malwarebytes.

The new twist was discovered after tracking the “Vindows Locker” ransomware, which appears to be true ransomware that encrypts your files. However, the standard blackmail note (which often portrays the malware as a government agent, law enforcement or a similar group) demands a $349 ransom not in Bitcoin, but as a payment made to a supposed Microsoft technician.

A number is displayed on the ransom note which, if called, leads to a team of Indian support scammers, who promise to decrypt your files in return for the fee. However, pay up or not, those files are not going to be decrypted by them.

There is little that is particularly interesting about Vindows Locker: the malware is written in C# and mildly obfuscated, encrypts files with AES, and adds the .vindows extension to each one.

However, the malicious code does contain one unusual element: the abuse of Pastebin’s API to establish communication between the ransomware and the operator’s command-and-control (C&C) center.

The malware is not sophisticated and neither do the creators appear to be. Mistakes made in how cryptography has been applied to lock files have allowed the Malwarebytes team to create a decryptor for victims.

As always, you should never pay up if you are infected with ransomware; there is no guarantee you will be able to rescue your content, and doing so only encourages this trend to continue.

(via PCMag)


