Malwarebytes warns of new series of ransomware attacks

Nov 29, 2016 12:53 GMT

Security company Malwarebytes warns of a new series of ransomware attacks that try to connect victims with fake Microsoft support engineers who aim to steal their personal details and money.

A new ransomware called “VIndows Locker” infects users’ computers and encrypts files, giving them the .vindows extension. Its aim is to convince users to call a fake Microsoft support phone number, where they are offered a repair of the system in exchange for money.

Users whose computers are infected are shown the following message, which asks for a $350 ransom in exchange for unlocking files:


this not microsoft vindows support
we have locked your files with the zeus virus
do one thing and call level 5 microsoft support technician at
1-844-609-3192
you will files back for a one time charge of $349.99

In most cases, cybercriminals who turn to ransomware demand Bitcoin or other forms of payment. The Vindows creators instead try to convince users to call an alleged Microsoft support number and ask for repairs.

How to remove a Vindows infection

If the victim does call the phone number, the fake Microsoft engineer recommends fixes that cost $350 and then opens forms on the victim’s computer that ask for personal details and credit card information.

“To trick users, the technician opens up the real Microsoft support page and quickly pastes a shortened URL in the address bar. This redirects to the payment page which is actually a custom web form, powered by JotForm, a legitimate online form builder. If you proceed to fill in your information, you will be giving your hard-earned cash to a bunch of online crooks who will never retrieve your files anyway,” Malwarebytes explains.

The security firm has also developed a dedicated tool to remove the ransomware should your computer be infected, and you can download it here. To learn how to use it, check out the box below that includes the instructions provided by Malwarebytes itself.