Symantec, a global leader in next-generation cyber security has just discovered a new ransomware variant that pretends to originate from Microsoft and uses social engineering techniques to trick the victim into calling a toll-free number to “reactivate” Windows.

The threat (freedownloadmanager.exe), dubbed Trojan.Ransomlock.AT by Symantec, is showing up primarily in the United States.

The threat has links to TeamViewer and Logmein in the lock screen as well. Which may be intended to offer the victim some sense of support and professionalism. We are assuming the agent on the other side will guide the victim through the process of unlocking their computer.

Symantec called the toll-free number for more details and for a cost however they were forced to hang up. The on-hold music and message were also convincing, and played random music with an automated voice repeating every so often: “We appreciate your business. All agents are currently busy assisting other callers, and please continue to hold for the next available agent.” After the 30-minute mark, it stated: “We apologise for the extended delay and appreciate your business. Please press any key to schedule a call back.”

The code itself is rather simplistic, with Symantec finding it does not contain any connections to a command and control server and that the victims can unlock their computer with the code : 8716098676542789, which was found in the source code.

Smarttech advise that you keep your OS and security software up to date to combat against social engineering techniques.

For tips on how to prevent against ransomware see our blog 5 Ways To Protect Your Organisation From Ransomware Attacks or simply contact our experts today.