Microsoft tech support scam now also in ransomware variant

The Microsoft tech support scam now also has a variant in which ransomware is used to force users to pay. Where scammers previously abused the alleged authority of Microsoft employees by calling people at home, fake Microsoft employees are now used to convince ransomware victims to pay.

A new ransomware strain that uses this approach was discovered by Malwarebytes. The antivirus vendor reports that infections take place through bundling with malicious software.

The ransomware is called "Vindows" after a typo in both the file extensions of the encrypted files and in the ransom note. The note is shown after all files are encrypted and states, "this not microsoft vindows support we have locked your files with the zeus virus do one thing and call level 5 microsoft support technician at 1-844-609-3192 you will files back for a one time charge of $349.99".

When a victim calls the number in the note, they are connected to a scammer in India who pretends to be a Microsoft employee. "They have no real intention of decrypting your files though as they simply want your money," Malwarebytes writes on its blog.

The encryption used by the ransomware was not implemented properly, so Malwarebytes was able to create a free decryption tool that allows victims to get their data back without paying.
