Windows ransomware poses as Microsoft

Heads up Microsoft Windows users, it appears that a new ransomware was spotted by Panda Labs. For those unfamiliar, ransomwares are basically a form of malware that, as the name suggests, holds the user hostage, demanding a ransom before restoring the system back to normal.

According to Panda Labs, this latest ransomware infects in the usual manner – spam messages (i.e. spam IM messages, emails, websites etc) and P2P (peer-to-peer). As always it’s best to take precaution when visiting sites that seem dubious and to avoid clicking links that you’re unfamiliar with.

This piece of ransomware is pretty persistent and appears to install itself every time you boot your computer and will prompt you with the screen that is pictured above. It’s in German, but after translation it basically tells you that the authenticity of your Windows software cannot be verified and that a fee of €100 is required to “fix” the problem, otherwise your IP address, which they claim has been logged, will be sent to the district attorney’s office where you will be prosecuted for use of illegal software.

You will then be taken to a website where you are asked to purchase an activation code, and you will be asked to fill up your data along with credit card information. Naturally for those with legit copies of Windows won’t be worried, but we’re guessing there are a few out there with illegally downloaded copies of Windows who may or may not be tricked by this ransomware.

The good news is that Panda Labs has an activation code (QRT5T5FJQE53BGXT9HHJW53YT) that you can use to deactivate the malware, which when used restarts your computer and removes the registry created by the malware along with the malware itself.

Tyler Lee
Categories: Computers
Tags: Malware, Microsoft, Security, virus, Windows