We’ve found yet another malware piece, this time it is a ransomware to take some of your money. Once you get infected (you can receive it in a number of different ways, most likely via spam messages and P2P), your computer is restarted. What for? Well, the malware installs itself to run every time your computer is started. And at the very beginning, just after you log in, it will show you the following screen:
With my English an Spanish knowledge I was able to understand what it was saying in German, but I translated it just in case. The threat is clear: your Microsoft Windows authenticity could not be verified, you need to have it fixed, which is just a 100? payment. They give you the payment instructions and before saying goodbye they let you know that in case you don’t pay you’ll lose access to the computer and will lose all your data, as well as that the district attorney’s office has already your IP address and that you’ll be prosecuted in case you fail to pay the 100? in 48 hours.
Well, that would scare anyone that doesn’t know this is a ransomware attack. When you go to the website announced in the previous screen, this is what you get:
Once you enter the code given in the first screen, you are redirected to another web where you can fill all your data, so they can charge you with 100?… to start with. Once you have sent them your data, they tell you you’ll get an activation code within 24 hours when they have confirmed that your credit card is working. Well, for all of you that wouldn’t like to pay anything to these bastards, this is the code you can use to deactivate it:
Doing that your computer will be restarted and the registry key created by this malware (detected as Ransom.AN) will be removed, as well as the malware file. Anyway, once you know you’ve been infected with a piece of malware you don’t know how many you may have there, so it is worth giving a try to our free Panda Cloud AntiVirus.
Leave a reply