{"id":8920,"date":"2016-05-17T12:56:30","date_gmt":"2016-05-17T16:56:30","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=8920"},"modified":"2016-05-17T12:56:30","modified_gmt":"2016-05-17T16:56:30","slug":"8920","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2016\/05\/17\/8920\/","title":{"rendered":"Tech support scammers now utilizing ransomware-like lock screens to threaten people"},"content":{"rendered":"<p>By Justin Luna | <a href=\"http:\/\/www.neowin.net\/news\/tech-support-scammers-now-utilizing-ransomware-like-lock-screens-to-threaten-people\" target=\"_blank\">Neowin<\/a><\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/www.neowin.net\/images\/uploaded\/2016\/05\/error-819x395_story.jpg?ssl=1\" alt=\"\" \/><\/p>\n<p>Some of us may be very well aware of the classic <a href=\"https:\/\/www.neowin.net\/news\/microsoft-sues-fear-mongering-tech-support-scammers\" target=\"_blank\">tech support scam<\/a> stories, where a caller randomly phones people, claims to be from &#8220;Windows company&#8221; and says that the recipient&#8217;s computer has been detected to be full of viruses. These cold callers then use fake Blue Screens of Death to make the victim think there really is something wrong with their PC.<\/p>\n<p>Tactics like these can easily be shut down with a few built-in Windows tools and a few keystrokes. 
However, scammers have been upping their game and are now incorporating lock screens to threaten users even more.<\/p>\n<p>This technique is borrowed from the infamous <a href=\"http:\/\/neowin.net\/news\/tags\/ransomware\" target=\"_blank\">ransomware<\/a>, where a malicious program encrypts a user&#8217;s computer files and leaves the PC stuck on a lock screen prompting them to pay up.<\/p>\n<p>In this case, the scammers trick victims into thinking that their Windows license has expired, and then remove any ability for the user to control their computer. &#8220;This is not a fake browser pop up that can easily be terminated by killing the application or restarting the PC. No, this is essentially a piece of malware that starts automatically, and typical Alt+F4 or Windows key tricks will not get rid of it,&#8221; <a href=\"https:\/\/blog.malwarebytes.org\/cybercrime\/social-engineering-cybercrime\/2016\/05\/tech-support-scammers-get-serious-with-screen-lockers\/\" target=\"_blank\">according to J\u00e9r\u00f4me Segura of Malwarebytes Labs<\/a>.<\/p>\n<p>There is an entire ecosystem for distributing this malware, one channel of which is bundling it into Pay Per Install applications. &#8220;What you thought was a PC optimizer or Flash Player update turns out to be a bunch of useless toolbars and, in some cases, one of these lockers,&#8221; said Segura.<\/p>\n<p>A security researcher, <a href=\"https:\/\/twitter.com\/TheWack0lian\" target=\"_blank\">@TheWack0lian<\/a>, has shared a sample showing how the new tech support scam tactic works. It arrives as a genuine-looking Microsoft program, which installs without any particular incident; the malware then waits for the user to restart their system. 
Upon rebooting, the user is greeted by what looks like Windows configuring updates, though this is already the malware kicking in.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/www.neowin.net\/images\/uploaded\/2016\/05\/fake_updates.jpg?ssl=1\" alt=\"\" \/><\/p>\n<p>Once its &#8220;process&#8221; is done, it displays an error screen saying that the user&#8217;s Windows license has expired. It even takes the time to display the user&#8217;s current license key and computer name, to make it look more legitimate.<\/p>\n<p>Now, to unlock the system, the only choice a user is given is to dial the number flashed on the screen, which leads them to the tech support scammers, who are eager to steal victims&#8217; personal information as well as their credit card number. On calling the number, the researchers discovered that the locker has hidden functionality: pressing Ctrl+Shift+T displays an installer for TeamViewer, a remote access computer program. However, the scammer refused to proceed with unlocking the computer unless a payment of $250 was made.<\/p>\n<p>Fortunately, the researchers were able to find a way to bypass the lock screen. Victims can press Ctrl+Shift and then the S key. Alternatively, a user can enter either &#8220;h7c9-7c67-jb&#8221; or &#8220;g6r-qrp6-h2&#8221; or &#8220;yt-mq-6w&#8221; into the &#8220;Product Key&#8221; field to unlock the PC. This, however, might only work for some versions of the rogue program.<\/p>\n<p>With these kinds of programs rapidly evolving right before our eyes, it is very alarming to see how this malware can take many innocent and susceptible people hostage, and play on their fears in addition to stealing money from them.<\/p>\n<p>It always pays to be wary of where we go on the internet, as well as what links we click on. 
Good security software is also always handy for blocking malware that can ruin not only our computers, but possibly a part of our lives as well.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Justin Luna | Neowin Some of us may be very well aware of the classic tech support scam stories, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,9,11],"tags":[655,888,939,1071],"class_list":["post-8920","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-windows","tag-malware","tag-ransomware","tag-scam","tag-tech-support-scam"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/sapNkV-8920","jetpack-related-posts":[{"id":8721,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/11\/05\/nasty-new-ransomware-program-threatens-to-leak-your-files-online\/","url_meta":{"origin":8920,"position":0},"title":"Nasty new ransomware program threatens to leak your files online","author":"NCCT","date":"November 5, 2015","format":false,"excerpt":"Lucian Constantin | PCWorld Ransomware creators have taken their extortion one step further: in addition to encrypting people\u2019s private files and asking for money before releasing a key, they now threaten to publish those files on the Internet if they\u2019re not paid. 
This worrying development has recently been observed in\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8899,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/04\/24\/this-week-in-tech-559-ew-eu\/","url_meta":{"origin":8920,"position":1},"title":"This Week in Tech 559: Ew, EU!","author":"NCCT","date":"April 24, 2016","format":false,"excerpt":"https:\/\/youtu.be\/Bn-OiQXQvac Host: Leo Laporte Guests: Christina Warren, Serenity Caldwell, and Roberto Baldwin Apple\u2019s recycled gold, Kindle book scam, Uber tips, Magic Leap questions, and more.","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/Bn-OiQXQvac\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9297,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/02\/11\/this-week-in-tech-653-x-stands-for-nothing\/","url_meta":{"origin":8920,"position":2},"title":"This Week in Tech 653: X Stands for Nothing","author":"NCCT","date":"February 11, 2018","format":false,"excerpt":"https:\/\/youtu.be\/9vdjtG9ozeQ HomePod should have been delayed longer. Elon Musk's rollercoaster week: Falcon Heavy sends a Tesla to Mars just as Tesla has its worst quarter ever. iPhone boot code leaked online. Chrome will shame insecure websites. YouTube suspends Logan Paul for generally being a horrible human being. 
Rethinking Facebook and\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/9vdjtG9ozeQ\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":6209,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/12\/classic-facebook-color-changer-scam-makes-another-comeback\/","url_meta":{"origin":8920,"position":3},"title":"Classic Facebook &#8220;Color Changer&#8221; scam makes another comeback","author":"NCCT","date":"August 12, 2014","format":false,"excerpt":"On Facebook, some scams are so alluring that they seem to live forever. So it goes with \u201cFacebook Color Changer,\u201d a new malware attack that masquerades as a way to change the appearance of Facebook\u2019s Website. Security firm Cheetah Mobile claims that the latest scam has affected more than 10,000\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9446,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/12\/03\/friends-in-bikinis-this-week-in-tech-695\/","url_meta":{"origin":8920,"position":4},"title":"Friends in Bikinis &#8211; This Week in Tech 695","author":"NCCT","date":"December 3, 2018","format":false,"excerpt":"https:\/\/youtu.be\/puMBVNv91ZU - Black Friday was Amazon's biggest sales day ever - Marriott Hack hit half a billion Starwood guests for 4 years - Indian Microsoft scammers busted - Amazon's new machine learning racecar, quantum blockchain, and more from re:Invent - When is Amazon rolling out Prime Health? 
- UK grabs\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/puMBVNv91ZU\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":2939,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/07\/15\/ransomware-targets-smaller-businesses-security-ceo-warns\/","url_meta":{"origin":8920,"position":5},"title":"Ransomware targets smaller businesses, security CEO warns","author":"NCCT","date":"July 15, 2013","format":false,"excerpt":"Trending cyber attacks such as ransomware may be typically overlooked by small and midsize businesses, but the CEO of security firm Lumension warns that they are actually in the line of fire. Pat Clawson, LumensionPat Clawson Around the world, ransomware has been proved to be effective in midsized business environments\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8920","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=8920"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8920\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=8920"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech
.com\/techtalk\/wp-json\/wp\/v2\/categories?post=8920"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=8920"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}