Tech Support Scams Evolving with Ransomware Attacks
Posted by: Timothy Weaver on 12/12/2015 09:37 AM
Tech support scams have been evolving and are now using the Nuclear exploit kit to drop ransomware onto victims’ computers, as well as displaying misleading pop-up windows.
Although the tech support scam is an old one, it still targets hundreds of thousands of users all over the world. The original scam involved cold calls selling support packages to address non-existent problems on victims’ computers. It has evolved to display pop-up messages telling users that there is malware on their computer and to call an 800 number. The scammers then try to sell the victim a package to fix the non-existent problem.
We’ve recently seen many instances where attackers serve tech support scams and the Nuclear exploit kit almost simultaneously. We found that the scam’s web pages include an iframe redirecting users to a server hosting the Nuclear exploit kit.
After a user lands on the tech support scam page, the Nuclear exploit kit attempts to take advantage of vulnerabilities on the user’s computer. It will try to drop either Trojan.Cryptowall (ransomware) or Trojan.Miuref.B (an information-stealing Trojan).
Unfortunate victims could end up paying both the fake tech support scam for “help” and the ransom to decrypt their files.
This is a new wave in the old tech support scam and if it proves effective, we will no doubt see more of this.
There is little a user can do, but simple preventative measures are:
• Use a comprehensive security solution to help block attacks
• Regularly update software to prevent attackers from exploiting known vulnerabilities
• If impacted by these scams, do not call the number in the pop-up windows
• Perform regular backups of important files
• Do not pay any ransom demands as doing so may encourage the cybercriminals. Additionally, file decryption is not guaranteed to work.
Source: Symantec