Ransomware Can Strike Anywhere This past weekend, various postgraduate students in France ended their academic year by making final modifications in their theses.
On Sunday, I assisted some of them. While browsing the Internet for some last-minute data, they suffered the fright of their lives: the sudden closing of their Microsoft Word software–without prompting to save their data–no more Internet access, the inability to reopen any application, and a series of pop-up windows warning of a malware infection and asking for a payment (US$89.95) to remove the threat and restore their systems.
Larger PictureIn this case the students had searched for some Facebook statistics to finalize their studies and joined a WordPress blog, which would never be suspect but was infected with “ransomware”–fake-alert malware that pretends to be security software and requires a “subscription” to clean the system.
Larger PictureA half-hour later, I was able to locate the copies of their unsaved precious documents (*.asd files in the C:\Users\[Username]\AppData\Roaming\Microsoft\Word\) and to recover them on a clean computer. The disaster averted, I restarted the infected computers in Safe Mode, cleaned the registries, and extracted the malicious file for my own use.
Larger PictureI discovered the malware has been detected and cleaned as FakeAlert-SecurityTool.er with our most recent DAT files.
I share this story to remind you that malware does not happen only to others. Three students almost lost the culmination to their scholastic efforts. In other circumstances, the situation could have perhaps escalated to more critical results. Individuals making scareware and ransomware prey on the fear of their victims to extort money. Malware researchers are doing their part; we will be satisfied only when these crooks end up behind bars
Orginal article: Tuesday, June 19, 2012 at 10:30am by Francois Paget