When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Ransomware connects victims to fake Microsoft technicians to have their files decrypted

Neowin · · Hot! with 48 comments

Vindows Locker ransomware in action

Ransomware and tech support scams have never sounded like a good combination. However, these two things share something in common, the intent to extort money from innocent victims, usually by demanding large amounts of cash in exchange of 'fixing' the host's computer. Alarmingly enough, in today's connected world, we are seeing more of this, as cybercriminals start upping their game.

Discovered by Jakub Kroustek, reverse engineer and malware analyst over at Avast, Vindows Locker (not a typo) employs the use of technical support scams in order to demand the ransom from its victims. It will display the following ransom note, which includes a picture of an Indian tech scammer.

"this not microsoft vindows support
we have locked your files with the zeus virus
do one thing and call level 5 microsoft support technician at 1-844-609-3192
you will files back for a one time charge of $349.99"

It will append a .vindows file extension to all the files it encrypts. If you call the number flashed on the screen, you will be connected to the said scammers in India, who claim that they are from Microsoft who will generously fix your problem. Unfortunately, the fraudsters have no real intention of helping you out. Instead, they are only requiring users to call, so they can collect personal and financial information, and eventually drain your hard-earned money.

Payment form from the perpetrators

To make it look even more convincing, the scammers will open up a legitimate Microsoft support page once they have gained access to the victim's computer. However, once there, they will quickly paste a link on the address bar, which when opened will lead to a web form, which asks for credit card information. At this point, filling it out will give the scammers the money needed. The cybercriminals, however, will not do anything to save your files.

Fortunately, due to some inconsistencies and mistakes from the developers of the Vindows Locker ransomware, Malwarebytes Labs was able to develop an application, which can be downloaded here, to decrypt affected files.

While this malware can easily be bypassed, the Vindows Locker is a representation of how tech support scams, together with ransomware is evolving together. With this in consideration, it remains important to pay attention to our activity on the internet, as well as the files we download, in order to save our computers from contracting such malevolent software in the future.

Source and Images: Malwarebytes Labs

Report a problem with article
Next Article

Save 65% off a lifetime subscription to Hotspot Shield Elite Plus VPN

Previous Article

Microsoft cuts Xbox 360 price again in the UK; now £129.99 with Forza Horizon 2

Join the conversation!

Login or Sign Up to read and post a comment.

48 Comments - Add comment