Ransom Trojan locks Windows

Ransomware is slowly becoming quite a problem, and the latest one spotted by F-Secure tries a rather innovative approach: it locks the victims out of Windows and doesn’t allow them to boot Windows in either normal or Safe mode until they have entered a code to “complete activation.”

Posing as a legitimate Microsoft action, the scammers claim that the activation is “absolutely free and is simply a formality.” The victims are offered six phone numbers to call. They are told to enter a given code and, once they receive an activation key, to enter it and gain access to their computer again.

The note says that the call from the victim’s country is free of charge, but that’s a complete lie. The calls purportedly go to Microsoft call centers, but these numbers belong to rogue call centers seemingly located in countries such as the Dominican Republic or Somalia, i.e. countries with expensive phone rates.

But these rogue call centers are actually located in countries to which calls are much cheaper than to the previously mentioned ones, so the scammers and the owners of these call centers split the difference in the fee.

F-Secure’s Mikko Hypponen demonstrated how the scam works, and says that no matter how many times one calls, and whichever of the offered numbers one dials, one is forced to listen to a four-minute-long prerecorded message that always reveals the same activation code at the end: 1351236.

Your Windows can be unblocked only by entering the code or by formatting your hard drive and restoring its contents from your backup; there is no other way.
