Chinese Ramsomware That Changes Windows Login Credentials

[Zurchiboy]

Usually you get some screen saying that you have to pay something. this article also said you had to pay, but it used a password. Keep an eye out for this ransomware.

http://www.symantec.com/connect/blogs/chinese-ransomlock-malware-changes-windows-login-credentials

[Jose]

Hey,

 

Ransomware is probably the type of malicious software that irks me the most, from a morality stand point.

 

Good to know, thanks Zurchiboy (I just realized that your name is not "Zurich"boy, but Zurchi...)

 

-Jose

[ritchie58]

I agree with Jose. Ransomware is a rather insidious form of malware. There's some new variants of the old bogus FBI warning ransomware that is using Green Dot MoneyPak cards as a form of payment that either locks up your whole computer by changing or adding the Windows login credentials or some variants will target & lock up your browser(s) only by exploiting Flash vulnerabilties thus disabling all internet access. The big problem with this type of malware is even you capitulate and pay the ransom that does not deactivate the virus in most cases and you're still stuck with a useless computer or browser until the virus is removed or you reformat your OS (worst case scenario).

 

Here's a few examples of what the ransom screen may look like:

[Zurchiboy]

I have never been hit by ransomware and I hope it stays that way. Usually people who know what there doing use pre-bootable environments such as kaspersky recue dis or comodos rescue disk.

[ritchie58]

I've personally never been the victim of ransomware either Zurchiboy and I'd like to keep it that way too, lol! This type of infection is on the rise recently, I'm sorry to say, as new variations are being developed & released.

 

The easiest way to encounter ransomware is using "risky internet browsing habits" such as visiting questionable web sites and clicking on links at such sites. Then you're redirected to the bad guy's server and the virus is downloaded to your system. Using compromised porn, peer to peer file sharing and ilegal crack, keygen sites are just a few examples of risky browsing. Sometimes hackers can gain access to legit sites that have security vulnerabilties and plant their malicious links that way too but, thankfully, that doesn't happen as often. So the bottom line is be careful what sites you visit and what links you click on. Using a little "common sence" can go a long way at keeping your system malware free!

 

Another nasty aspect about this type of infection is that a lot of variants can disable your currently installed anti-virus software too which makes it difficult to remove except by experts. It will also prevent you from installing any new anti-malware software. That's where I'd love to see Immunet develope a portable anti-malware package that can be run from a USB stick. Something like Emsisoft has done with their free Emergency Kit 4.0 which works quite well at removing ransomware. Using Malwarebytes in Safe Mode has proven to be useful for this type of virus too.

 

I use Windows 7 Ultimate which gives you the option to burn a bootable Rescue Disk to CD. That's something I've done some time ago just in case it's needed. I actually had to use it once when I encountered some "serious problems" trying to install Service Pack 1 for Windows 7. A rescue disk is great at fixing corrupted OS files but one problem with using some rescue disks is that you can loose data that's on the same drive as your OS that's not backed up or partitioned separately such as photos, videos, music, documents, etc...

 

Cheers, Ritchie...

[Zurchiboy]

Kaspersky 2014, i saw in a video had the ability to terminate screenlockerrs. Have not seen any tests regarding that feature