Spyware Remover Help » ransomware

The Rise of the Ransomware

Ted — Fri, 20 Jan 2012 04:00:22 +0000

In the last months we have seen an increase of ransomware attacks. While the first ones we saw were posing as Microsoft to threaten the user because it had been detected a pirated version of Windows, and in case you didn’t pay the fine they would contact the local law enforcement agencies, the new ones [...]—
read the article

Ransomware posing as Microsoft

Ted — Fri, 16 Sep 2011 11:00:04 +0000

We’ve found yet another malware piece, this time it is a ransomware to take some of your money. Once you get infected (you can receive it in a number of different ways, most likely via spam messages and P2P), your computer is restarted. What for? Well, the malware installs itself to run every time your [...]—
read the article

Ransomware posing as Microsoft

Ted — Wed, 07 Sep 2011 11:00:05 +0000

Rogueware with new Ransomware Technology™

Ted — Thu, 08 Oct 2009 19:00:01 +0000

The criminals behind Rogueware attacks are becoming increasingly aggressive in their approach to make money. We recently stumbled across a sample (Adware/TotalSecurity2009) which uses a ransomware technique to improve its sales. Once the computer becomes infected, Total Security forces the victim to purchase it before it will allow any files from being accessed on the system. When attempting to open a file, a message pops up in the notification area claiming that the application was blocked due to infection. The pop up recommends activating the "antivirus" software, which costs $79.95. This would be a devistating blow to any user and would likely force the victim to purchase it, so we went ahead and cracked the sample to reveal all of the valid serial numbers. We're hoping that victims can find this blog post before shelling out any hard earned cash to these criminals. Watch the video to see it in action: Valid serials for Adware/TotalSecurity2009:WNDS-TGN15-RFF29-AASDJ-ASD65 WNDS-U94KO-LF4G4-1V8S1-2CRFE WNDS-6W954-FX65B-41VDF-8G4JI WNDS-G84H6-S854F-79ZA8-W4ERS WNDS-TTUYJ-7UO54-G561H-J1D6F WNDS-A1SDF-6AS4D-RF5RE-79G84 WNDS-A1SDF-RY4E8-7U98D-F1GB2 WNDS-5SRTS-AEHUF-YA54S-D6F35 WNDS-P9685-4H41A-DSW3A-2R64T WNDS-2AE32-1VFC2-B6894-G67YU WNDS-4TS8R-D6F5D-4JH8T-U4JK5 WNDS-FGS5D-649RG-4S53D-412SF WNDS-452S3-ER00F-TSE35-S8FSD WNDS-SERFH-2642S-F04SD-64FG1 WNDS-F40SA-1ER5H-4FG5D-F8412 WNDS-5D1V2-XB0D5-JT1TY-97DS3 WNDS-4BGY2-JY4KO-IT98Y-7HJ43 WNDS-G8FB6-1V87S-DRT1S-63SRG WNDS-HFVDR-9844O-U54DA-5TBSC WNDS-89OF7-7324R-5SAD4-TG68U WNDS-JUYH3-24GHJ-HGKSH-FKLSDYou can download a free trial to completely remove the infection once the ransomware feature is removed.Special thanks to Mikel Echevarria Lizarraga for extracting the serials.
source

Ransomware Reloaded

Ted — Mon, 20 Apr 2009 19:00:01 +0000

One of the latest examples of ransomware we have seen is Trj/SMSlock.AThe main aim of this malware is to make users pay ransom for their computer in order to have it completely operative.Until now some of the functionalities we had seen in ransomware were to encrypt certain documents or extensions of the computer or to empty the emails of the user’s inbox and the contact list, among others. However, in the case of Trj/SMSlock.A, it locks the access to the system (leaving the computer unusable), and it displays on the screen a message in Russian which contains the instructions so that users send an sms as a random for their system: Note: Below you have the transcription in English of the message displayed on the screen.To unlock you need to send an SMS with the text 4121800286 to the number 3649 Enter the resulting code:Any attempt to reinstall the system may lead to loss of important information and computer damage
source

Police ‘find’ author of notorious Gpcode virus (InfoWorld)

Ted — Thu, 22 Jan 2009 19:08:19 +0000

The infamous Gpcode ‘ransomware’ virus that hit computers in July was the work of a single person who is known to the authorities, a source close to the hunt for the attacker has told Techworld. The individual is believed to be a Russian national, and has been in contact with at least one anti-malware company, Kaspersky Lab, in an attempt to sell a tool that could be used to decrypt …

original article

A new case of RansomWare !!!

Ted — Tue, 17 Jul 2007 06:45:00 +0000

We have detected a new case of RansomWare.

Once the malware infects users and encrypts their files, several â€œread_me.txtâ€ files are created in the infected system, which warn users that their data files have been encrypted and that they wonâ€™t be able to access them unless they pay a ransom of $300.

The email addresses indicated in the message may vary:

kiloglamour@gmail.com

tristanniglam@gmail.com

oxyglamour@gmail.com

glamourepalace@gmail.com

The â€œpersonal codeâ€ may also vary depending on the random value that is used to encrypt the data.

The encrypted files usually begin with the text â€œGLAMOURâ€:

We have managed to access the data of the infected systems and there are 1,108 infected computers.

Besides, in 111 of those machines the port 6838 is open so that the machines act as socket servers.

The â€œconstruction kitâ€ of Trj/Sinowal has been used to create this Trojan.

We have already mentioned this malware family in the eCrime 2007

http://research.pandasoftware.com/blogs/research/archive/2007/03/29/eCrime-2007-Congress.aspx

According to SecureWorks, this â€œconstruction kitâ€ is sold for around $1,000.

http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?RSS&NewsId=3740

This variant has been detected as Trj/Sinowal.FY in the signature file.