The “Your Windows Has Been Banned” malware is back, and this time the attackers are demanding US$50 in Bitcoin from victims to regain control of their locked Windows system. This is the second appearance of the malware. The scam has been designed to install Rogue.Tech-Support malware on computers.
It was first identified in 2016, when it tricked victims with messages claiming that their MS Windows installation had been halted for violating the terms and conditions of Microsoft and Windows. Back then, the ransom message asked victims to call a number presented as Microsoft technical support, but the number actually routed them to individuals selling irrelevant and unnecessary services, and the ransom asked was US$99.99 for a new Windows license.
The malware’s second installment tries to trick Windows users with a different technique: the message “Your Windows Has Been Banned” appears on the computer’s lock screen when the PC is booted, and the attacker then gives the victim two options:
1) Buy a new key for Windows for $50
2) Delete all data and render the PC unusable for future use
According to The Merkle, the attack mechanism shows that novice PC users are the key targets, since only beginners would fall prey to such a trap given the amateurish treatment given to the malware. This becomes pretty obvious with the second warning statement, where the attacker talks about deleting all the data and rendering the computer unusable for future use. Naturally, a company like Microsoft would never demand payment in cryptocurrency, nor would it suggest making the PC unusable.
In the past two years, internet scams like this one have continually evolved, and users are scared to pay as they are unsure whether the malware has already been installed on their computers or not. So what should a user do in such a situation?
To make sure, users must run a malware check and scan the computer for viruses and infections. It is also a good idea to contact the customer care department of the company whose name was used in the scam message.
To keep your PC from getting infected, it is important to avoid clicking on unverified and suspicious-looking emails, as well as on every other link that appears in your web browser or email. It is also important to keep the PC updated and install the latest anti-virus tools.