Saltar al contenido

Ransomware simulates Windows license lock

activacion-falsa

On the blog I have commented on several cases of ransomware that block the computer and request the sending of an SMS to recover it, most of these malicious programs were spread through adult pages.

Now it seems that the attackers have changed their strategy, the malware is spreading through all sorts of fake pages and once they infect the system they block it requesting a call to activate Windows license:

(click to see larger)

As you can see in the screenshot you have to call a phone number and enter a code to receive a valid license. Although in the window it is mentioned that the cost of the call is free, that's not true.

They are international numbers that can also generate extra costs per minute (special services), when calling, answer an answering machine that simulates the activation process requesting the code 7 * 108 #. In this way, cybercriminals earn money and victims simply believe that it was something normal, generated by the anti-piracy system of Windows.

In the XyliBox blog you can find more details about the attack and captures of the false pages that spread this ransomware. At the time of detection, only 3 antivirus engines considered it to be some kind of 3/42 threat.

See also: Fake Windows Activation Steals Credit Card $ 1,000 Per Day With SMS Ransomware Campaign. Fake Kaspersky Installer & Site Spreads Ransomware.