This scam combines two of our favorite criminal activities: ransomware and the Microsoft tech support scam. It was first reported by Avast security researcher Jakub Kroustek. This particularly nasty bug is known as Vindows Locker. If you’re infected with this bug and attempt to open a file, you’ll get a notice that the file can’t open.
You’ll also notice that .vindows file extension is now on the end of every one of your encrypted files.
You’ll then see a very poorly-worded pop-up with this poor guy’s face. (I’m fairly sure he isn’t actually involved at all.) The poorly worded message says that they have locked your files with the Zeus virus and that you must call level 5 Microsoft tech support at an 800 number. Then they will unlock you files for a one-time charge of $350.
You might be tempted to call the number in an attempt to rescue your files. But that’s not the number for Microsoft support, it’s the number for the hackers who infected your computer. They don’t want to fix it, they just want to scam you out of your credit card information and personal data, so they can use it to steal from you. Don’t be fooled by the fake Microsoft Support page that opens up after they gain access to your computer. It’s definitely a scam.
But unlike so many other encryption scams, there’s actually a fix for this one. Malwarebytes is offering a Vindows Decryption Tool. You can click here to download and launch.
As always, be very careful of what you click on. Always have up-to-date virus and malware protection installed on your PC. NEVER trust anyone who contacts you claiming to be from tech support.