Discovered by Jakub Kroustek, reverse engineer and malware analyst over at Avast, Vindows Locker (not a typo) employs the use of technical support scams in order to demand the ransom from its victims. It will display the following ransom note, which includes a picture of an Indian tech scammer.Malwarebytes was able to develop a tool to decrypt affected files, it can be downloaded over here.
"this not microsoft vindows support
we have locked your files with the zeus virus
do one thing and call level 5 microsoft support technician at 1-844-609-3192
you will files back for a one time charge of $349.99"
Ransomware lets you call fake Microsoft support to unlock your system
Posted on Tuesday, November 29 2016 @ 16:08 CET by Thomas De Maesschalck
Neowin writes about a new piece of ransomware called Vindows Locker (not a typo). Once your system is infected, this ransomware shows a message urging you to call a fake Microsoft support number to get your files back for a charge of $349.99. The scam was discovered by Avast malware analyst Jakub Kroustek.