Has your Windows PC just displayed a message saying that its operating system license has expired? Or a statement like this: “Your Windows License has Expired, Please get a new one by calling on 1-888-303-5121 from Store Representative”?
Well, this might be the lamest of all ransomware to go after the data on your hard disk. For the uninitiated, ransomware is a deceitful malware program that locks users out of their systems and demands a ransom to give access back. The ransomware family has been flourishing with newer and stronger programs, and 2016 in particular has been designated the ‘year of Ransomware’. Every now and then, we come across robust ransomware such as CryptoLocker, Locky, Petya and the like.
Until now, these guileful programs looked for a vulnerability and then delivered the exploit kit. But this time, the ‘Lamest of all Ransomware’ gave security researchers and victimized users an easy way out.
Authenticity of the Expiration Message
A couple of days ago, American users (the primary target) saw a ‘Windows License Expiration’ message flashing on their computer screens. This, for obvious reasons, was not an authentic message from Microsoft. However, the criminals tried hard to be smarter than ever. The message screen was designed to look like Microsoft’s Windows 10 marketing. The crooks even used the Windows 10 hero image as the background to make the deception easier to pull off. It was presumably an attempt to convince users that the message was authentic.
Apart from this, the screen also showed the logos of the TeamViewer and LogMeIn applications at the top. Researchers suspect that these play the role of the exploit kit for the ransomware. If that is the case, the cyber criminals could easily log into the victim’s PC and encrypt the data. All of this was done using the message quoted above. As soon as the user calls the toll-free number, the cyber criminals set about transmitting the malware program.
How This Ransomware Attacks
The ransomware is distributed by a program named freedownloadmanger.exe. Once installed on the user’s computer, it starts executing the ransomware itself. As a result of this attack, the victim no longer has access to or control over the system.
Researchers’ Overview of the Ransomware
The message claimed that calling the number it gave would reactivate the Windows operating system. However, when Symantec researchers looked into the matter and called the stated number, they got no proper response from the alleged representatives. Their call was put on hold for 90 minutes, and they were ultimately forced to hang up.
After this, the researchers went a step further and searched for the number on Google. The results confused them even more: the search exposed numerous suspicious pages advising victims to pay the fee to regain control over their computers. According to Symantec, these search results are poisoned, created only to mislead people into thinking there is no other way to get rid of the activation screen, forcing them to pay up.
Vulnerability in the Lamest Ransomware
The World Wide Web has been calling this the lamest of all ransomware. This is because it is the only ransomware that has been hacked and whose decode key has been circulated to everyone. This code helps users regain access to their systems.
Users should type “8716098676542789” in the input field, and they will once again have access to their computers. Although the crooked campaign has now been shut down, it could still resurface and infect other users.