
SANS ISC: InfoSec Handlers Diary Blog



"microsoft support" calls - now with ransomware

Published: 2013-10-02
Last Updated: 2013-10-02 04:16:32 UTC
by Mark Hofman (Version: 1)

Most of us are familiar with the "microsoft support" call. A phone call is received, and the person states that they are from "microsoft support" and have been alerted that your machine is infected. The person will assist you by having you install a remote desktop tool such as TeamViewer or similar (we have seen many different versions).

Previously they would install software that would bug you until you paid the "subscription fee". As the father of a friend found out the other day when he received a call, they now install ransomware which will lock the person out of their computer until a fee has been paid. In this instance it was done quite early in the "support" call, so even disconnecting on smelling a rat was too late.

The ransomware itself looks like it replaced some startup parameters to kick in the lockout, rather than encrypting the drive or key elements of the machine. However, for most users that would be enough to deny access.

So in the spirit of Cyber Security Awareness Month, make this month one where you let your non-IT friends and family know two things. Firstly, BACKUP YOUR STUFF. Secondly, tell them: when you receive a call from "microsoft support", the correct response is to hang up.

Cheers

Mark H
