Netflix has attracted the attention of criminals looking to take advantage of it. This time they are targeting users who are looking for free Netflix access. In a post dated 31st January, 2017, UTB Blogs stated that attackers frequently try to monetize compromised accounts by selling them or by exploiting vulnerabilities of the server, and also use them to distribute Trojans that steal users' personal and financial information.
Trend Micro revealed ransomware named RANSOM_NETIX.A, which targets Windows 7 and Windows 10 computers and terminates itself if it runs on a different version of the platform. Websites offering free Netflix accounts through a "Login Generator" that uses other people's accounts are luring people into downloading the ransomware, which attacks their PC and holds it to ransom.
When the user runs the Netflix login generator, the executable drops another copy of itself (netprotocol.exe) and executes it. The program's main window gives the user a button to generate logins, which opens another prompt window when clicked. The second window purportedly shows the login information of a legitimate Netflix account.
However, these windows and prompts are bogus. The ransomware uses them to distract the user while it encrypts files in the background. It employs the AES-256 encryption algorithm and appends the .se extension to the encrypted files. The malware targets 39 file types that may be located under the C:\Users directory. The ransom notes, which appear as wallpaper, then demand $100 worth of bitcoin (0.18 BTC) from victims.
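One way a defender could look for the behaviour described above in file-activity logs, as an added example that is not from Trend Micro or the original post. The CSV event format, the process names other than netprotocol.exe, the sample paths (including where the copy is dropped) and the burst threshold are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators named in the article above.
DROPPED_NAME = "netprotocol.exe"
ENCRYPTED_SUFFIX = ".se"
TARGET_ROOT = PureWindowsPath(r"C:\Users")
# Assumption: number of .se renames by one process before it is reported.
BURST_THRESHOLD = 3

# Constructed sample events in a hypothetical CSV export (not real telemetry).
SAMPLE_EVENTS = r"""time,process,action,path
10:00:01,login_generator.exe,create,C:\Users\amy\AppData\Local\Temp\netprotocol.exe
10:00:05,netprotocol.exe,rename,C:\Users\amy\Documents\budget.xlsx.se
10:00:05,netprotocol.exe,rename,C:\Users\amy\Pictures\trip.jpg.se
10:00:06,netprotocol.exe,rename,C:\Users\amy\Desktop\notes.docx.se
10:00:07,netprotocol.exe,rename,D:\Archive\scan.pdf.se
10:02:00,backup.exe,rename,C:\Users\amy\Documents\legacy.se
"""

def triage(event_csv):
    """Return findings for a dropped netprotocol.exe and bursts of .se renames."""
    findings = []
    renames = defaultdict(int)
    for ev in csv.DictReader(io.StringIO(event_csv)):
        path = PureWindowsPath(ev["path"])  # Windows paths compare case-insensitively
        if ev["action"] == "create" and path.name.lower() == DROPPED_NAME:
            findings.append(("dropped_copy", ev["process"], ev["path"]))
        elif (ev["action"] == "rename"
              and path.suffix.lower() == ENCRYPTED_SUFFIX
              and TARGET_ROOT in path.parents):
            renames[ev["process"]] += 1
    # A lone .se file can be benign; many from one process is the pattern to act on.
    for process, count in renames.items():
        if count >= BURST_THRESHOLD:
            findings.append(("se_rename_burst", process, count))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The file name and extension are easy for a new variant to change, so the per-process rename burst is the more durable of the two signals.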
The scam is also a reminder of the risks of pirating content such as music, movies, software or paid memberships. Is having your important files encrypted worth the piracy? Netflix's Premium plan costs around $12 per month and allows content to be streamed on four devices at the same time. Compare that with having to pay $100 to get your files decrypted. Even then, other ransomware families have shown that getting the files back is not guaranteed.
Hence, it is advised to download only from reputable sites. Never click ads that promise things that seem impossible; if an offer sounds too good to be true, it is a good idea to avoid it.