Scammers Abusing Windows Support Use VindowsLocker Ransomware
A free decryption tool from Malwarebytes is designed to help victims of a new ransomware attack recover lost data after online crooks carried out a scam based on 'technical support.' Dubbed VindowsLocker, the new ransomware strain emerged last week. To operate, the ransomware connects the victim with an impostor Microsoft technician, which results in the victim's files being encrypted with the aid of a Pastebin API.
The attacker carrying out the scam first phones the victim and presents himself as a Microsoft support technician who is following up on a malware infection or reporting errors on the victim's PC. The impostor then directs the victim to download a diagnostic tool from the Net, often a genuine remote support application such as TeamViewer or LogMeIn Rescue. The download establishes a connection with the host PC that subsequently enables the attacker to complete the attack.
Security researcher Jakub Kroustek of AVG identified VindowsLocker, naming it after the .vindows file extension the malware appends to each encrypted file. VindowsLocker uses the AES algorithm to encrypt, and thus lock, files with extensions such as docx, doc, text, ppt, xlsx, xls, jpg, odt, pptx, sql, csv, png, php, sln, mdb, xml, html, aspx, and asp.
Further research has shown that VindowsLocker is not really ransomware of the typical kind; rather, it is only encryption code created as a joke. Nonetheless, the malware adds to the confusion and scares victims into paying large sums. Forbes.com reported this on December 2, 2016.
A victim viewing the fake Windows support page is told to provide his banking credentials and e-mail ID to process a $349.99 payment for freeing his PC. But the payment does not restore the files to the original user, says Malwarebytes. That is because the makers of VindowsLocker cannot automatically decrypt the infected PC, owing to certain coding errors.
According to Malwarebytes, the VindowsLocker developers mishandled an API key that could be used during short sessions. However, thanks to security professionals, decryption tools capable of undoing VindowsLocker's damage have been released.
» SPAMfighter News - 12/8/2016