Security News Ransomware Mimics Windows Activation Screen, Uses Poisoned Search Results

frogboy

In memoriam 1961-2018
Windows activation window and asking users to call a toll-free number to regain access to their PC.

The ransomware was first spotted by security researcher S!Ri and then by Symantec's team, and is not distributed en masse like other threats, with just a few infections here and there.

What makes this ransomware different are some of the smaller details that reveal this is not your casual screen-locker ransomware bought off the Dark Web by a small-time crook, but something that has been well-planned in advance.

Ransomware distributed via freedownloadmanager.exe file
First and foremost, infections occur via a program called freedownloadmanager.exe, which some users might install on their computer.

This actually installs the ransomware, which takes over the user's screen and shows a screen with the standard Windows 10 wallpaper, and an input field. Above this input field, there's the following message:

“ Your Windows Licence has Expired , Please get a new one by calling on 1-888-303-5121 ”

Above this message are the icons of two applications, LogMeIn and TeamViewer. Both are legal and safe applications which allow someone to log onto a remote computer.

The role of these shortcuts is unclear at the moment, but they might be fully working apps packed inside the ransomware that might allow a crook to log into the user's desktop to reactivate the computer when calling the toll-free number.

Nobody answers the toll-free number
This is only speculation since Symantec called the number shown on the screen, as a test, but nobody answered for 90 minutes. As such, the price it might take to unlock this type of ransomware is unknown at the moment.

Full Article. Ransomware Mimics Windows Activation Screen, Uses Poisoned Search Results
 

DardiM

Thanks for sharing :)

"Your Windows Licence has Expired , Please get a new one by calling on 1-888-303-5121 ”

=> Are there users who can be caught by this sort of message? :confused:

I must be too paranoid :rolleyes: :

=> This is typically the situation/message that could make me call/contact the real company directly with their real phone number (or make me laugh, when the trap is too noticeable).
(Banks, etc)
 