New RansomWare – United States Cyber Security

Over the weekend I got a nice little treat from a new client – New RansomWare!  The client called me to verify that what he was seeing on his PC was a fake message.  I told him yes.  The United States Gov does not lock your pc down and demand $200 via MoneyPak to unlock it.  

The ransomware was a fake ctfmon.exe (or it was legit and had the ransomware injected into it…I don’t remember).  I used the Kaspersky Rescue Disk to detect and remove the ransomware.

Here are some pictures I took of the RansomWare:

The pic below is what you’ll see when you start Windows – a bogus message from “United States Cyber Security”

RansomWare - United States Cyber Security

Now they tell you how to “unblock” the computer and that it’ll cost ya $200 via MoneyPak.

RansomWare - How to Unlock Computer

Oh look!  They’re even nice enough to tell ya where you can buy MoneyPaks.

RansomWare - Where you can buy MoneyPak

 

Once you’ve bought your MoneyPak you enter the code in below and wait 1 – 24 hours.

RansomWare Asking for MoneyPak

  • http://twitter.com/myHelpfulNerd myHelpfulNerd

    Been seeing this one a lot the past couple months. My favorite part is the fake webcam feed in the upper-right!

    • mrizos

      Lol, yeah I forgot to take a pic of that. I still gave them the finger on the off chance I was being recorded.

      • http://techmansworld.blogspot.com/ncr Michael Hazell

        Yeah, that’s good, Matt. Tell ‘em who’s boss!

  • BraveRaymondShaw

    That is hilarious!

    By the way, how many of your clients fall for these kinds of things, especially when compared to years ago before rogues/ransomware programs were well-publicized threats?

    • http://techmansworld.blogspot.com/ncr Michael Hazell

      I hope not a lot of them fall for it. My mom almost fell for a webpage that pretended to be an AV. Good thing I was around to stop the download of an exe.

    • mrizos

      Funny you should ask. As I saw your comment a client just texted me and said that she allowed a “microsoft tech” access her computer because he said they detected people from Nigeria trying to access it…oh boy…I had to “talk her off the ledge”. More work for tonight I suppose.

      Anyway, it’s usually about 20% of the people I meet.

    • Xystren

      They go in waves of being “well-publicized” and being aware of these threats, then Kristen Stewart cheats on Edward and all the “well-publicized” is forgotten. The other problem is, the reports tend to be very specific, and are not generalizable to the next flavor that happens to come out. Many don’t see “Ransom-A” to be similar to “Ransom-B.” We get the concept of what ransom-ware is, where they only see Ransom-A, and when Ransom-G comes along they think, “Hey, it’s not Ransom-A, so I’m fine.”

      It comes down to learning about these things has become operationalized/proceduralized (which does have its place), but if you don’t understand the underlying constructs and concepts, when things deviate from the procedures you end up being in unknown territory – when you know the concepts, you are better equipped to manage those deviations and you can generally go “Hmm, this doesn’t seem right.”

      There are 10 kinds of people in this world – those that get it and those that don’t…and if you understand binary, you tend to get it a “bit” more.

      • Xystren

        I’m disappointed no one commented on the 10 kinds of people comment – I was positive the crew here would appreciate it..

  • Adam Bottjen

    One time I got a call from one of my customers who had a Fake AV on her computer. So she gave it her credit card number. It said “Invalid credit card number”. So she tried a different card. Same error. So she tried a different card. Same error. So in her last ditch attempt to purchase the Malware she got her husband’s credit card and tried that. True story! If only you knew this woman, it would make the story so much funnier.

  • Rman

    These spammers and hackers will never learn.

    • Adam Bottjen

      Learn what?

    • Xystren

      Personally, I think the spammer and hackers have it right – it’s the general non-technical user-base that seems to never learn.

      Let’s face it, the reason these types of things keep coming around, is because there is someone that is responding to them. And when you think of it, there is very little outlay on the spammer/hacker part, even with only a half percent falling for the ransom tactic, they are still making a boatload.

      • ZOU

        Yep, whether capitalist or communist, corrupt or legit, supply and demand rule the day.

  • ZOU

    “The United States Gov does not lock your pc down and demand $200 via MoneyPak to unlock it.”

    Not yet, anyway.

  • CMaderaTM

    I had a client’s laptop with the same message. I used Hitman Pro. Every day it becomes funnier how others try to scam people with these.

  • shre12345

    whatever..the bad guys are up to…but the antivirus companies are yet struggling to keep up with the current huge influx of malware that comes out daily!! :P

  • The Official Geek

    Hey all, I just wanted to say here in Louisiana I have seen prolly 20 the last month alone, but it did not say this; it had “FBI” but used the same method….also wanted to say people don’t realize that AV make viruses so it keeps them making $$$$$.

  • estechguy01

    I love the BS IP address on the first pic!
