Tuesday, December 18, 2012

Ransomware Variant Wants You to Take Surveys to "Unlock" Your PC

Typically when ransomware takes hold of a computer, it prevents users from accessing their files and demands a couple hundred dollars to regain access.

It seems as though cybercriminals are shaking things up a bit, as GFI Labs researchers recently discovered a new ransomware variant that locks users out of their systems and demands that they complete (an unknown number of) online surveys to unlock it.

Although the researchers didn’t disclose where the ransomware sample came from, they did warn that the threat comes disguised as a file named “svchost.exe,” though there’s no telling why a user would willingly execute said file.

Either way, should a user make the mistake of running it, they will be locked out of their desktop and presented with the following popup window:

[Screenshot: Ransomware Demands You Take Surveys. Credit: GFI Labs]

Unlock this Page to Continue!

This page will immediately unlock and restore normal access upon your participation in an offer below. Please use valid information!

Completions      Reload Offers    My History

Your desktop was locked. Complete an offer below to unlock your desktop!


Mystery Shoppers Needed! Earn a £100 ASDA Voucher!
Win a brand new iPhone 4S! Choose Your Colour!
Chance to WIN a £500 Amazon Voucher!
Testers Needed for the iPhone 5!
Win an Apple Macbook Pro + iPhone 4s or iMac + the new iPad!
WIN an iPhone 5 or iPad 3!

Complete an offer to continue »

Fortunately, users don’t have to adhere to the demands of the ransomware or take their PC in for servicing to escape the evil clutches of this particular threat. All they have to do is hit Ctrl + Alt + Del, end the mysterious “Locker” process in Task Manager, and voila! They can go about their business, which hopefully involves running a full system scan using their antivirus software to remove the infection.
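A triage sketch for the two indicators this post names, a file posing as svchost.exe and a process called “Locker” (an added example, not GFI Labs' or this blog's code). It assumes the genuine svchost.exe runs only from System32 or SysWOW64 and that the locker's image name begins with "Locker"; the post gives neither the dropped file's path nor the exact process file name.

```powershell
# Added example: flag processes matching the two indicators named in the article.
# Assumption: the real svchost.exe lives only in System32 (or SysWOW64 on 64-bit Windows).
$trusted = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

function Get-SuspectProcess {
    param([object[]]$Processes, [string[]]$TrustedPaths)
    foreach ($p in $Processes) {
        $reason = $null
        if ($p.Name -ieq 'svchost.exe') {
            if (-not $p.ExecutablePath) {
                # Without elevation the path of system processes is hidden; do not treat as clean.
                $reason = 'svchost.exe, path unreadable (re-run elevated)'
            }
            elseif ($TrustedPaths -notcontains $p.ExecutablePath) {
                $reason = 'svchost.exe running outside System32'
            }
        }
        elseif ($p.Name -like 'Locker*') {
            # Assumed name pattern; the article only calls it the "Locker" process.
            $reason = 'process name matches "Locker"'
        }
        if ($reason) {
            $hash = $null
            if ($p.ExecutablePath) {
                # SHA-256 of the image, useful when submitting the file to an AV vendor.
                $hash = (Get-FileHash -LiteralPath $p.ExecutablePath -Algorithm SHA256 `
                         -ErrorAction SilentlyContinue).Hash
            }
            [pscustomobject]@{
                ProcessId = $p.ProcessId
                Name      = $p.Name
                Path      = $p.ExecutablePath
                Sha256    = $hash
                Reason    = $reason
            }
        }
    }
}

$hits = Get-SuspectProcess -Processes (Get-CimInstance -ClassName Win32_Process) -TrustedPaths $trusted
$hits | Format-List

# End the "Locker" process as the article describes; -Confirm prompts before each kill.
$hits | Where-Object { $_.Name -like 'Locker*' } |
    ForEach-Object { Stop-Process -Id $_.ProcessId -Confirm }
```

Ending the process only removes the lock screen; the file on disk still needs to be removed by a full antivirus scan.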

GFI’s security solution, VIPRE Antivirus, detects the malicious files associated with this threat as Trojan.Win32.Generic!BT; however, as the name implies, this name covers a wide variety of malicious apps, so other antivirus programs may detect it under a different name.

Of course, the best way to deal with ransomware – or any other malware for that matter – is to do all you can to prevent your system from getting infected in the first place. With that, here are some tips to help keep your PC safe:

  • Do not click on links or download files attached to unsolicited emails.

  • Exercise caution when following suspicious links or shortened URLs (always use a URL expander to check the destination URL first).

  • Keep your operating system and third-party software fully patched and up-to-date.

  • Always run antivirus/anti-malware software, keep the virus definitions current and scan your system on a regular basis.

  • Use a Windows user account that has limited privileges (unable to install software).
