{"id":8920,"date":"2016-05-17T12:56:30","date_gmt":"2016-05-17T16:56:30","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=8920"},"modified":"2016-05-17T12:56:30","modified_gmt":"2016-05-17T16:56:30","slug":"8920","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2016\/05\/17\/8920\/","title":{"rendered":"Tech support scammers now utilizing ransomware-like lock screens to threaten people"},"content":{"rendered":"<p>By Justin Luna | <a href=\"http:\/\/www.neowin.net\/news\/tech-support-scammers-now-utilizing-ransomware-like-lock-screens-to-threaten-people\" target=\"_blank\">Neowin<\/a><\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/www.neowin.net\/images\/uploaded\/2016\/05\/error-819x395_story.jpg?ssl=1\" alt=\"\" \/><\/p>\n<p>Some of us may be well aware of the classic <a href=\"https:\/\/www.neowin.net\/news\/microsoft-sues-fear-mongering-tech-support-scammers\" target=\"_blank\">tech support scam<\/a> stories, where a man randomly calls people and informs them that he is from &#8220;Windows company&#8221; and that the call recipient&#8217;s computer has been detected to be full of viruses. These cold callers then use fake Blue Screens of Death to make the victim think there really is something wrong with their PC.<\/p>\n<p>Tactics like these can be easily shut down with a few built-in Windows tools and a few keystrokes. 
However, scammers have been seen upping their game, and are now incorporating lock screens in order to threaten users even more.<\/p>\n<p>This technique is borrowed from the infamous <a href=\"http:\/\/neowin.net\/news\/tags\/ransomware\" target=\"_blank\">ransomware<\/a>, where a malicious program encrypts a user&#8217;s computer files and leaves the PC stuck on a lock screen prompting them to pay up.<\/p>\n<p>In this case, the scammers trick victims into thinking that their Windows license has expired, and then remove any ability for the user to control their computer. &#8220;This is not a fake browser pop up that can easily be terminated by killing the application or restarting the PC. No, this is essentially a piece of malware that starts automatically, and typical Alt+F4 or Windows key tricks will not get rid of it,&#8221; <a href=\"https:\/\/blog.malwarebytes.org\/cybercrime\/social-engineering-cybercrime\/2016\/05\/tech-support-scammers-get-serious-with-screen-lockers\/\" target=\"_blank\">according to J\u00e9r\u00f4me Segura of Malwarebytes Labs<\/a>.<\/p>\n<p>There is an entire ecosystem behind how this malware is distributed, part of which involves bundling it into Pay Per Install applications. &#8220;What you thought was a PC optimizer or Flash Player update turns out to be a bunch of useless toolbars and, in some cases, one of these lockers,&#8221; said Segura.<\/p>\n<p>A security researcher, <a href=\"https:\/\/twitter.com\/TheWack0lian\" target=\"_blank\">@TheWack0lian<\/a>, has shared a sample showing how the new tech support scam tactic works. Delivered through a genuine-looking Microsoft program, which installs without any particular incident, the malware waits for the user to restart their system. 
Upon rebooting, the user is greeted by what looks like Windows configuring updates, though this is already the malware kicking in.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/www.neowin.net\/images\/uploaded\/2016\/05\/fake_updates.jpg?ssl=1\" alt=\"\" \/><\/p>\n<p>Once its &#8220;process&#8221; is done, it displays an error screen saying that the user&#8217;s Windows license has expired. It even takes the time to display the user&#8217;s current license key and computer name, to make it look more legitimate.<\/p>\n<p>Now, to unlock the system, the only choice the user is given is to dial the number flashed on the screen, which leads them to the cold-calling tech support scammers, who are eager to steal victims&#8217; personal information as well as their credit card numbers. On calling the number, the researchers discovered hidden functionality in the locker: pressing Ctrl+Shift+T displays an installer for TeamViewer, a remote access computer program. However, the scammer refused to proceed with unlocking the computer unless a payment of $250 was made.<\/p>\n<p>Fortunately, the researchers were able to find a way to bypass the lock screen. Victims can press Ctrl+Shift and then the S key. Alternatively, a user can enter &#8220;h7c9-7c67-jb&#8221;, &#8220;g6r-qrp6-h2&#8221; or &#8220;yt-mq-6w&#8221; into the &#8220;Product Key&#8221; field to unlock the PC. This, however, might only work for some versions of the rogue program.<\/p>\n<p>With these kinds of programs rapidly evolving right before our eyes, it is alarming to see how readily such malware can take innocent and susceptible people hostage, playing on their fears in addition to stealing money from them.<\/p>\n<p>It always pays to be wary of where we go on the internet, as well as what links we click on. 
Also, good security software is always handy for blocking malware that can ruin not only our computers, but possibly a part of our lives as well.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Justin Luna | Neowin Some of us may be very well aware of the classic tech support scam stories, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center"}}},"categories":[7,9,11],"tags":[655,888,939,1071],"class_list":["post-8920","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-windows","tag-malware","tag-ransomware","tag-scam","tag-tech-support-scam"]}