"microsoft support" calls - now with ransomware

Published: 2013-10-02
Last Updated: 2013-10-02 04:16:32 UTC
by Mark Hofman (Version: 1)
Most of us are familiar with the "microsoft support" call. A phone call is received, and the caller states that they are from "microsoft support" and have been alerted that your machine is infected. The caller will then "assist" you by having you install a remote desktop tool such as TeamViewer or similar (we have seen many different versions).

Previously they would install software that would bug you until you paid the "subscription fee". As the father of a friend found out the other day when he received a call, they now install ransomware, which locks the person out of their computer until a fee has been paid. In this instance it was done quite early in the "support" call, so even disconnecting on smelling a rat was too late.

The ransomware itself looks like it replaced some startup parameters to kick in the lockout, rather than encrypting the drive or key elements of the machine. However, for most users that would be enough to deny access.

So in the spirit of Cyber Security Awareness Month, make this month one where you let your non-IT friends and family know two things. Firstly, BACK UP YOUR STUFF. Secondly, tell them: when you receive a call from "microsoft support", the correct response is to hang up.


Mark H

John Strand did a great job of freaking one of these guys out

Next time they call I have a throw away W7 virtual machine with a few mods ... this oughta be fun.
See, we IT people can get even.. I have a honeypot machine.. sure come on in, poor things their hand is stuck.

