Cybercriminals Combine Ransomware with Survey Offers to Make a Profit

The crooks forgot something very important in this particular case

By on December 15th, 2012 19:01 GMT

Cybercriminals have often used ransomware to lock up the computer screens of their victims and force them to pay a “fine” if they wanted them unlocked. They’ve also often relied on surveys, spread via Facebook, to make money via affiliate programs.

However, until now, they’ve never combined the two malicious methods.

GFI Labs experts inform that the latest ransomware locks up the screens of Internet users, but doesn’t order them to pay a ransom and it doesn’t accuse them of downloading illegal content. Instead, it tells them to complete a survey in order to unlock the device.

“This page will immediately unlock and restore normal access upon your participation in an offer below. Please use valid information. Your desktop was locked. Complete an offer below to unlock your desktop,” reads the warning that pops up on the screen.

Based on their location, victims are asked to complete various surveys. They’re promised all sorts of prizes in return for a few clicks but, as always, no one wins anything except the crooks.

So how do you get rid of it?

First of all, if you have a decent antivirus solution, it will likely detect the threat – disguised as a file called svchost.exe – before it can cause any damage.

However, if the malware slips by and manages to lock down your screen, there’s an easy way to get rid of it. Interestingly, the malware author forgot to ensure that the screen is properly locked down, and victims are allowed to access the operating system’s task manager by pressing the CTRL+ALT+DEL combination.

All you need to do is open the task manager, select the process called “Locker,” and press the “End Task” button. This should unlock the computer.

While this is a fairly harmless threat, other pieces of ransomware are far more dangerous. This is why users are always recommended to avoid executing suspicious files and always ensure that their machines are protected by security solutions.

Comments