New ransomware arrives as phony alert from Microsoft

The email claims a user's Windows license has expired and prompts the target to call a toll-free number.
The email claims a user's Windows license has expired and prompts the target to call a toll-free number.

A new ransomware iteration has been detected by Symantec embedded in an email message disguised as an alert from Microsoft.

The threat (freedownloadmanager.exe), dubbed Trojan.Ransomlock.AT by Symantec, is showing up primarily in the United States. The email appears to be a legitimate notice from Microsoft claiming the user's Windows license has expired and prompts the target to call a toll-free number in order to unlock their computer.

The new ransomware variant follows up on similar scams Symantec detected previously. The difference this time, the company stated, is that it now is using a recognizable name.

"What makes this different from traditional ransomware is that it appears the attackers have carefully thought out how to maximize revenue generation by using a combination of branded ransomware alongside manipulated search results," the researchers said.

Keep your OS and security software up to date, Symantec advised.
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS