MalwareDisasters is a division of MalwareIntelligence. It records information captured about the behavior of malicious code and offers the countermeasures needed to mitigate the malicious actions in question.

9.14.2010

Microsoft Security Antivirus ransomware

Criminal groups from Russia are constantly trying to raise money fraudulently, and have re-launched a malicious proposal through ransomware. In this case, the strategy is to display a window positioned in the center of the desktop, showing a message in Russian under the title "Microsoft Security Antivirus".

Ransomware opening message
The window displayed by the ransomware is located in the center of the screen and blocks any possibility of accessing Windows programs.

This malware is part of the same ransomware family that has plagued the Internet and that appears in different designs, some more aggressive than others but ultimately with the same magnitude of risk and the same objectives.

Although this variant does not promote any websites with pornographic content, it claims its reward through a paid SMS text message sent, in this case, to the number 89030064850. The reward consists of a payment of 400 rubles (Russian currency).

Reward Request
In this way the offender makes an economic profit through a fraudulent and illegal mechanism that, in many cases, requires users to pay the amount of money without any guarantee that they will receive the unlock key.


Ransomware has become commonplace, providing a resource highly exploited by computer criminals who, through affiliate systems, collect the profits and manage the spread of the threat using specific crimeware.

Countermeasures
S!Ri has published some unlock codes that can be used to regain control of the system. Thanks, S!Ri.


Related Information

New SMS ransomware template with slight change
Campaign to disseminate russian ransomware
New Russian SMS ransomware In-the-Wild
SMS Ransomware porn template update
New variant of ransomware through porn sites IV
New variant of ransomware through porn sites III
New variant of ransomware through porn sites II
New variant of ransomware through porn sites
Another very active SMS Ransomware
SMS Ransomware for Windows In-the-Wild


9.09.2010

New SMS ransomware template with slight change

Recently, a new variant of the SMS ransomware family that spreads and promotes pornographic sites has appeared in the wild, presenting a superficial makeover.

For several weeks a campaign has been active that spreads a variant of this type of ransomware, which displays a black window covering the entire desktop. This time, the window does not cover the entire desktop but is located in its center; it still disables any possibility of accessing the system's applications.

As in previous campaigns, release requires sending an SMS message to a certain number, and the sum requested is, according to the variants detected so far, 350, 400 or 410 rubles (Russian money).

SMS ransomware asking for 350 rubles

SMS ransomware asking for 400 rubles

Countermeasures
In cases where the ransomware requests 410 rubles for a key to unlock the system, you can use any of the following unlock keys provided by S!Ri on his blog (thanks, S!Ri!):



Jorge Mieres
Founder & Director of MalwareIntelligence
Crimeware & Intelligence Analyst Researcher


9.03.2010

Campaign to disseminate russian ransomware

Updated 09/03/2010
S!Ri is doing a great job gathering the information needed to unlock this and other ransomware variants, and has kindly agreed to share this work with us by providing an update with new codes. Great job, S!Ri, and thank you very much for sharing the data :)


You can find more information about ransomware and rogue-type malware on his blog:

Original 09/02/2010
Every so often a new ransomware campaign appears, designed to block access to the operating system by displaying a message that asks the victim to send a paid SMS text message to a certain number in order, in theory, to receive a key to regain access to the system.

SMS Ransomware
The window occupies the whole screen, closing off access to any program. When the correct password is entered, the window disappears and the executable binary deletes itself.

This ransomware has been distributed since late July, and there have been further campaigns so far. All show the same message and design style, but change the phone number to which the text message must be sent. Some of the executables that are part of this campaign are:

The offender's business is the percentage of the money carried by each SMS that victims send to these different number ranges. The amount of money the offender requests through the message in order to unlock access to the system is 400 rubles. That sum is expressed in Russian currency (рубль), and its equivalent in U.S. dollars is $13.


In all the campaigns of this ransomware variant that have appeared so far, the amount requested was always 400 rubles.

Another peculiarity is that it belongs to the generation of ransomware whose dissemination strategy relies on pornographic resources, either through websites with such content or through domains that, using SEO strategies, are stocked with words that refer to that type of content.

Countermeasures
Use the following unlock codes:



Jorge Mieres
