Ransomware poses as Microsoft 'update'

Users of computers running Microsoft's Windows operating system, look out: a new ransomware is posing as a supposed fix for a vulnerability. Computer security firm Panda Security said the ransomware seeks payment to on the pretext of making sure that a victim's machine is running genuine Windows software. "Once you get infected (you can receive it in a number of different ways, most likely via spam messages and P2P), your computer is restarted. What for? Well, the malware installs itself to run every time your computer is started," researcher Luis Corrons said in a blog post. He said the malware he found was written in German, informing the victim that his or her Windows' authenticity could not be verified. It would then demand €100 (P5,810) in exchange for continued access to his or her data, and give payment instructions. "Before saying goodbye they let you know that in case you don’t pay you’ll lose access to the computer and will lose all your data, as well as that the district attorney’s office has already your IP address and that you’ll be prosecuted in case you fail to pay the 100€ in 48 hours," Corrons said. A user who visits the website indicated by the malware will be redirected to another website where he or she can provide some data, so they can charge the €100. "Once you have sent them your data, they tell you you’ll get an activation code within 24 hours when they have confirmed that your credit card is working," he said. But Corrons also provided a code that victims can use to deactivate the malware. The code will cause the computer to be restarted and the registry key created by this malware (detected as Ransom.AN) to be removed. — TJD, GMA News