
Ransomware posing as Microsoft

Sep 6

We’ve found yet another piece of malware; this time it is ransomware out to take some of your money. Once you are infected (it can reach you in a number of different ways, most likely via spam messages and P2P), your computer is restarted. What for? Well, the malware installs itself to run every time your computer is started. And at the very beginning, just after you log in, it will show you the following screen:

With my English and Spanish knowledge I was able to understand what it was saying in German, but I translated it just in case. The threat is clear: the authenticity of your Microsoft Windows could not be verified, and you need to have it fixed, which is just a 100€ payment. They give you the payment instructions, and before saying goodbye they let you know that if you don’t pay you’ll lose access to the computer and all your data, that the district attorney’s office already has your IP address, and that you’ll be prosecuted if you fail to pay the 100€ in 48 hours.

Well, that would scare anyone that doesn’t know this is a ransomware attack. When you go to the website announced in the previous screen, this is what you get:

Once you enter the code given in the first screen, you are redirected to another website where you can fill in all your data, so they can charge you 100€… to start with. Once you have sent them your data, they tell you you’ll get an activation code within 24 hours, when they have confirmed that your credit card is working. Well, for all of you who wouldn’t like to pay anything to these bastards, this is the code you can use to deactivate it:

QRT5T5FJQE53BGXT9HHJW53YT

After you enter it, your computer will be restarted and the registry key created by this malware (detected as Ransom.AN) will be removed, as well as the malware file. Anyway, once you know you’ve been infected with one piece of malware, you don’t know how many more you may have there, so it is worth giving our free Panda Cloud AntiVirus a try.


Comments

  1. Steve says:

    Looks remarkably like a MS product key. To what?

  2. Hume says:

    Hi
    my daughter has the virus at her PC. Unfortunately, the code QRT5T 5FJQE53BGXT9HHJW53YT doesn’t work. Do we have to put another code?
    Thanks in advance for your help.
    All the Best,

    • Luis Corrons says:

      It could be a different version; the best thing is to install Panda Cloud Antivirus (www.cloudantivirus.com) and remove it. In case it causes you any problems to do that, start the computer in safe mode first.

  3. Mor says:

    The deactivation “key” doesn’t help. What should I do?

    • Luis Corrons says:

      It seems to be a different version; the best thing is to install Panda Cloud Antivirus (www.cloudantivirus.com) and remove it. In case it causes you any problems to do that, start the computer in safe mode first.

  4. Natalja says:

    the code is invalid…and now?

    • Luis Corrons says:

      It may be a different version; the best thing is to install Panda Cloud Antivirus (www.cloudantivirus.com) and remove it. In case it causes you any problems to do that, start the computer in safe mode first.

  5. Feat says:

    QRT5T5FJQE53BGXT9HHJW53YT doesn’t work anymore for actual version of this malware, fix it plz

    • Luis Corrons says:

      It will be a different version; the best thing is to install Panda Cloud Antivirus (www.cloudantivirus.com) and remove it. In case it causes you any problems to do that, start the computer in safe mode first.
