'Ransomware' extorts payment with phone call
Pay $35 by dialing a 900 number, or forget using the PC, says researcher
Computerworld - New "ransomware" that locks up a person's PC and demands $35 to return control to its user is on the prowl, a security researcher said this week.
The extortionists tell victims of the Delf.ctk Trojan horse to dial a 900 number, said Alex Eckelberry, CEO of Sunbelt Software Distribution Inc., a Clearwater, Fla.-based security developer. That number can be traced to "passwordtwoenter.com," a payment processor also used by hardcore pornography Web sites to charge for access to their content, added Eckelberry.
Users infected with the Trojan horse see a full-screen message posing as an error generated by Windows, according to screenshots posted by Eckelberry on the Sunbelt company blog on Monday. "ERROR: Browser Security and Antiadware [sic] Software component license exprited [sic]," the message reads. "Surfing PORN, ADULT and some other kind of sites you like without this software is dangerows (sic) and threatens with infection of your computer by harmful viruses, adware, spyware, etc."
The bogus update window includes a "Click to activate new license" button that in turn brings up another screen, this one telling U.S. users to dial a 900 telephone number and enter a personal identification number (PIN). If the 900 number doesn't work, the page instructs users to dial alternate numbers -- one in the West African nation of Cameroon, the other a satellite telephone number.
"You're completely locked out of the system" after the Delf.ctk Trojan horse installs and runs, said Eckelberry. The only way to regain control is to pay up by dialing.
A search on Google for the 900 number returns results pointing to passwordtwoenter.com, a Web site registered to Global Voice SA, a company based in the Republic of Seychelles, an island nation in the Indian Ocean. The IP address used by passwordtwoenter.com is shared with similar domains, including "pintoenter.com" and "chargemyphonebill.com," which are also registered to Global Voice.
Global Voice did not respond to e-mail sent to the address listed in the domain registration information for passwordtwoenter.com.
Ransomware, a term used to describe malware that tries to extort money from users after an infection -- usually to return access to suddenly-encrypted files -- is rare, but not unknown. The last outbreak of any note was in July 2007, when another Trojan horse, dubbed "GpCode," demanded $300 to unlocked frozen files.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts