New RansomWare – United States Cyber Security

Over the weekend I got a nice little treat from a new client – New RansomWare!  The client called me to verify that what he was seeing on his PC was a fake message.  I told him yes.  The United States Gov does not lock your pc down and demand $200 via MoneyPak to unlock it.  

The ransomware was a fake ctfmon.exe (or it was legit and had the ransomware injected into it…I don’t remember).  I used the Kaspersky Rescue Disk to detect and remove the ransomware.

Here are some pictures I took of the RansomWare:

The pic below is what you’ll see when you start Windows – A bogus message from “United States Cyber Security”

RansomWare - United States Cyber Security

Now they tell you how to “unblock” the computer and that it’ll cost ya $200 via MoneyPak.

RansomWare - How to Unlock Computer

Oh look!  They’re even nice enough to tell ya where you can buy MoneyPaks.

RansomWare - Where you can buy MoneyPak


Once you’ve bought your MoneyPak you enter the code in below and wait 1 – 24 hours.

RansomWare Asking for MoneyPak




19 Responses to New RansomWare – United States Cyber Security

  1. myHelpfulNerd September 5, 2012 at 7:29 pm #

    Been seeing this one a lot the past couple months. My favorite part is the fake webcam feed in the upper-right!

    • mrizos September 5, 2012 at 8:38 pm #

      Lol, yeah I forgot to take a pic of that. I still gave them the finger on the off chance I was being recorded.

      • Michael Hazell September 6, 2012 at 10:53 am #

        Yeah that’s good Matt. Tell ’em who’s boss!

  2. BraveRaymondShaw September 6, 2012 at 5:57 am #

    That is hilarious!

    By the way, how many of your clients fall for these kinds of things, especially when compared to years ago before rogues/ransomware programs were well-publicized threats?

    • Michael Hazell September 6, 2012 at 10:52 am #

      I hope not a lot of them fall for it. My mom almost fell for a webpage that pretended to be an AV. Good thing I was around to stop the download of an exe.

    • mrizos September 6, 2012 at 1:51 pm #

      Funny you should ask. As I saw your comment a client just texted me and said that she allowed a “Microsoft tech” to access her computer because he said they detected people from Nigeria trying to access it…oh boy…I had to “talk her off the ledge”. More work for tonight I suppose.

      Anyway, it’s usually about 20% of the people I meet.

    • Xystren September 8, 2012 at 9:13 pm #

      They go in waves of being “well-publicized” and being aware of these threats, then Kristen Stewart cheats on Edward and all the “well-publicized” is forgotten. The other problem is, the reports tend to be very specific, and are not generalizable to the next flavor that happens to come out. Many don’t see “Ransom-A” to be similar to “Ransom-B.” We get the concept of what ransom-ware is, where they only see Ransom-A, and when Ransom-G comes along they think, “Hey, it’s not Ransom-A, so I’m fine.”

      It comes down to learning about these things has become operationalized/proceduralized (which does have its place), but if you don’t understand the underlying constructs and concepts, when things deviate from the procedures you end up being in unknown territory – when you know the concepts, you are better equipped to manage those deviations and you can generally go “Hmm, this doesn’t seem right.”

      There are 10 kinds of people in this world – those that get it and those that don’t…and if you understand binary, you tend to get it a “bit” more.

      • Xystren September 16, 2012 at 3:47 am #

        I’m disappointed no one commented on the 10 kinds of people comment – I was positive the crew here would appreciate it..

  3. Adam Bottjen September 6, 2012 at 3:12 pm #

    One time I got a call from one of my customers who had a Fake AV on her computer. So she gave it her credit card number. It said “Invalid credit card number”. So she tried a different card. Same error. So she tried a different card. Same error. So in her last ditch attempt to purchase the Malware she got her husband’s credit card and tried that. True story! If only you knew this woman, it would make the story so much funnier.

  4. Rman September 6, 2012 at 3:13 pm #

    These spammers and hackers will never learn.

    • Adam Bottjen September 6, 2012 at 8:18 pm #

      Learn what?

    • Xystren September 8, 2012 at 8:51 pm #

      Personally, I think the spammers and hackers have it right – it’s the general non-technical user-base that seems to never learn.

      Let’s face it, the reason these types of things keep coming around, is because there is someone that is responding to them. And when you think of it, there is very little outlay on the spammer/hacker part, even with only a half percent falling for the ransom tactic, they are still making a boatload.

      • ZOU September 9, 2012 at 4:52 pm #

        Yep, whether capitalist or communist, corrupt or legit, supply and demand rule the day.

  5. ZOU September 8, 2012 at 12:33 pm #

    “The United States Gov does not lock your pc down and demand $200 via MoneyPak to unlock it.”

    Not yet, anyway.

  6. CMaderaTM September 16, 2012 at 9:28 pm #

    I had a client’s laptop with the same message. I used Hitman Pro. Every day it becomes funnier how others try to scam people with these.

  7. shre12345 September 18, 2012 at 8:38 am #

    whatever..the bad guys are up to…but the antivirus companies are yet struggling to keep up with the current huge influx of malware that comes out daily!! 😛

  8. The Official Geek October 17, 2012 at 6:02 am #

    Hey all I just wanted to say here in Louisiana I have seen prolly 20 the last month alone but it did not say this it had “FBI” but used the same method….also wanted to say people don’t realize that AV make viruses to it keeps them making $$$$$.

  9. estechguy01 November 4, 2012 at 6:28 pm #

    I love the BS IP address on the first pic!

