Beware of a clever new type of ransomware that demands money with the full combo of "fake Windows Update launched → update failure → call to fake official support"



Scams that impersonate the official technical support of famous companies, such as a fraud page that pretends to be Apple support and hijacks the screen remotely, are increasing. Newly discovered ransomware locks the PC's screen, displays a screen that looks like genuine Windows, and finally directs the victim to a phone number posing as Microsoft technical support. Clever methods like this, which make the victim pay money said to be "necessary for updating", are also emerging.

Tech Support Scammers Get Serious With Screen Lockers | Malwarebytes Labs
https://blog.malwarebytes.org/cybercrime/social-engineering-cybercrime/2016/05/tech-support-scammers-get-serious-with-screen-lockers/

@TheWack0lian, the security researcher who discovered the new type of ransomware, posted a screenshot of the screen impersonating a Windows program on Twitter as a sample. When a PC infected with this ransomware is restarted, a Windows Update screen that looks almost real is displayed, and the update appears to proceed. At this point, as with the real Windows Update, mouse and keyboard input is locked.


A genuine update would then move on to the desktop screen, but this ransomware instead displays a screen saying "I was unable to complete the Windows Update because the OS license has expired. Please enter the correct product key and continue". Even if you enter the correct key, it responds "Product key is incorrect, please contact telephone support", as if the key were wrong, and directs you to a fake phone number. The Windows Update progress screen is so elaborate that an ordinary Windows user would find it hard to notice that it is fake, and the phone number is toll-free, a clever setup that gets victims to call without suspicion.


Malwarebytes Labs, which reported this case, says it called the fake technical support. After some exchange, the suspicious "Microsoft Technical Staff" instructs you to press "Ctrl + Shift + T". A hidden TeamViewer is then launched, and the fraudster is able to control the PC remotely. In the end the fake staff said that $250 (about 27,000 yen) was needed to unlock the screen, and Malwarebytes Labs says it ended the call there without paying any money.


In addition, @TheWack0lian has discovered a hidden command that unlocks the screen with "Ctrl + Shift + S", so it is possible to restore the PC without paying money. If that does not unlock it, entering "h7c9-7c67-jb", "g6r-qrp6-h2" or "yt-mq-6w" in the product code field is known to be accepted as a "correct product code". Although this ransomware is in English, there is a strong possibility that malware or ransomware impersonating famous Japanese companies will appear, so do not assume something is safe just because it carries the name of a company you know. Great care is needed.

in Software,   Security, Posted by darkhorse_log