Ransomware plays pirated Windows card, demands $143
Scam tries to scare users with black screen and Microsoft logo; Panda's found the 'activation' code
Computerworld - Cybercriminals are trying to trick Windows users into paying [euro]100 ($143) by claiming that they're running a counterfeit copy of the operating system, a security expert said today.
The scam, a kind dubbed "ransomware" for the way criminals try to extort money, poses as a message from Microsoft that alleges Windows is pirated. In reality, the user is infected with malware acquired after following instructions received in malicious email messages or through peer-to-peer (P2P) networks.
"This is not the first time cybercriminals have tried to pose as Microsoft in order to gain enough credibility so users are fooled and will pay money, said Luis Corrons, the technical director of Panda Security's lab. "But this time they are getting a bit greedy."
Previous ransomware attempts that leverage Microsoft's brand have demanded only $15 to $20, said Corrons. In April, for example, Finnish antivirus vendor F-Secure reported a similar Windows activation scam that racked up charges by keeping users on hold to a high-priced long-distance number.
The malware and subsequent scam is being primarily pitched to German-language speakers, said Corrons.
At current exchange rates, [euro]100 is equivalent to nearly $143.
To enhance the believability of the scheme, the malware displays Microsoft's logo and the notorious black screen that Microsoft forces on counterfeit copies of Windows when its validation software recognizes a counterfeit.
According to Corrons, the on-screen instructions claim that unless the victim pays the ransom, all data on the machine will be lost. Local prosecutors will be notified unless payment is made within 48 hours, the scam adds.
"They have played two cards here," said Corrons, "saying they are Microsoft and that [prosecutors] are aware of the situation."
Both claims are fake, Corrons added. "After two days, nothing happens. You can still use your computer [and] no files are deleted," he said.
Payments must be made through one of two payment services relatively unknown in the U.S., but more widely used in Europe: Ukash and Paysafecard.
Panda has obtained the activation code that the scammers eventually send to paying customers. Like legitimate Windows activation codes, it's a 25-character alpha-numeric string: QRT5T-5FJQE-53BGX-T9HHJ-W53YT
"For all of you [who] wouldn't like to pay anything to these bastards, this is the code you can use to deactivate it," said Corrons.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
- Nine charged with distributing Zeus malware
- The new security perimeter: Human Sensors
- Cyberattacks could paralyze U.S., former defense chief warns
- Security Manager's Journal: Thousands of dollars in phone calls? Management hates that.
- Everything You Know About Enterprise Security Is Wrong
- UK man charged with hacking Federal Reserve
- McAfee Offers Global Response to Nationalized Malware
- Tech Industry Praises Cybersecurity Framework From White House
- Ransomware like Cryptolocker uses Bitcoin, other virtual currencies for payment
- Trial for alleged Silk Road creator Ross Ulbricht set for November
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- How WAN Optimization Helps Enterprises Reduce Costs If you wanted to break down innovation into a tidy equation, it might go something like this: Technology + Connectivity = Productivity. Productivity...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Cybercrime and Hacking White Papers | Webcasts