It’s been a while since I’ve had occasion to talk about the issues that sometimes link tech support scams and ransomware, but now a couple of relevant items have come along more or less simultaneously. First, let’s look at the malware Symantec calls Trojan.Ransomlock.AT.
Symantec describes ‘a new ransomware variant that pretends to originate from Microsoft and uses social engineering techniques to trick the victim into calling a toll-free number to “reactivate” Windows.’ (That is, to unlock the computer.) The article is here: New ransomware mimics Microsoft activation window. The Symantec researchers tried to contact the ‘helpline’ number 1-888-303-5121 but gave up after 90 minutes of on-hold music and messages. Interestingly, a web search for that number turns up dozens of links to sites claiming to help ‘remove’ the number, which Symantec believes to have been promoted by the ransomware operators or their affiliates.
Fortunately, they spent less time on concealing the unlock code, for the moment at any rate. Symantec tells us that ‘Victims of this threat can unlock their computer using the code: 8716098676542789’.