
The scam begins with a phone call or email from someone pretending to be from Microsoft Support (or similar). They tell you that you have a major problem with your computer and give you contact details for a third-party support company in the US or India who can assist. When you contact these people they request remote access to your computer, and if you grant that request this is where the real pain begins.
Convinced by the scammers, this individual had agreed to pay for an annual support contract with the scammer at approximately $250. The scammers were granted access to the computer to fix the apparent problem; however, the customer soon found real problems starting to rear their head.
Lockdown
Following an "assisted" upgrade from Windows 8 to 8.1 by the scammers, they encrypted the Windows registry and hard disk to "protect" the customer, and applied passwords to the registry, hard disk and BIOS. The net result was that the customer was now fully at the mercy of the scammers.
The customer was given the registry and hard disk passwords, enabling a cumbersome three-stage Hard Disk -> Registry -> Windows logon; however, the scammers did not disclose the BIOS password, preventing removal of the hard disk password, presumably to try to lock him out if he didn't continue to pay for support.
When Windows 8.1 stopped working the customer decided to try a new path and reached out to me for assistance. Whilst I was unable to remove the registry encryption, as this is a one-way path, I was able to remove the associated password, back up his data, and run a complete malware scan and clean. Subsequently I have investigated what these low-lives have been up to on this PC and shut them down. What I found was not pretty.
Open Access
The scammers had installed three separate remote access tools, which granted them unfettered access to the computer. They had also compromised the firewall and set up numerous VPN ports, enabling them to continue to access his PC should their primary tools be discovered and disabled, and they had been running a number of password and system key extraction tools in the background. No sooner had I locked them out than the scammers were on the phone to the customer to find out what was going on. He politely told them they were no longer required, and it was game over for the scammers. What we will never know is what information, if any, they extracted from his system.
Fortunately there was not a lot of confidential data on the machine; however, the customer has since had to change all passwords and inform his financial institution(s) of the breach.
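For readers who want to check their own machine for the kind of footholds described above (extra remote access tools, firewall rules opening ports, tools set to run in the background), here is an added triage script that is not part of the original post. It assumes Windows 8.1 or later with an elevated PowerShell prompt, and it only reports what it finds; it removes nothing.

```powershell
# Added triage script (not from the original post): snapshot of remote-access
# footholds on a Windows 8.1+ machine. Run from an elevated PowerShell prompt
# with the PC offline. Everything below is read-only.

# 1. Inbound firewall rules that allow traffic, with the ports they open.
#    Unfamiliar Allow rules for remote-desktop, VPN or high ports are the
#    "compromised firewall" the post describes.
$inbound = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Program   = ($_ | Get-NetFirewallApplicationFilter).Program
            Protocol  = $pf.Protocol
            LocalPort = ($pf.LocalPort -join ',')
        }
    }
$inbound | Sort-Object LocalPort | Format-Table -AutoSize

# 2. Every process listening on a TCP port, mapped to its executable.
#    A remote access tool or VPN server has to listen to be reachable.
$listeners = Get-NetTCPConnection -State Listen |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port    = $_.LocalPort
            PID     = $_.OwningProcess
            Process = $p.ProcessName
            Path    = $p.Path   # may be empty for protected system processes
        }
    }
$listeners | Sort-Object Port -Unique | Format-Table -AutoSize

# 3. Persistence: Run keys, services outside \Windows\, and scheduled tasks
#    not authored by Microsoft. Tools that survive a reboot live here.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    Get-ItemProperty -Path $k -ErrorAction SilentlyContinue |
        Select-Object -Property * -ExcludeProperty PS* | Format-List
}
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -notlike '*\Windows\*' } |
    Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize
Get-ScheduledTask | Where-Object { $_.Author -notlike 'Microsoft*' } |
    Select-Object TaskName, TaskPath, State | Format-Table -AutoSize
```

Compare the output against what you know you installed; anything you cannot account for is worth showing to a technician before the machine goes back online.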
Clean Start
Unfortunately, because of the hard disk password, he has had to return the machine to the manufacturer to have the BIOS password and hard disk password removed. Once that is done I will reinstall a fresh, uncompromised installation of Windows.
The long and the short of this story is: if people call or email you pretending to be from Microsoft (or any other company) and request access to your computer to "fix a problem", they are either hackers or scammers. DO NOT under any circumstances give these people access to your computer, and certainly do not pay them any money. Your personal data and financial security could be at risk if you do.
Think you're safe?
You might think you're safe because you haven't made the move to Windows 8 yet, but you would be wrong. This scam has nothing to do with Windows 8; in fact it began years ago with Windows XP, and it has been doing the rounds ever since. The scammers work on a very simple premise: frighten you, convince you that you need them, hard-sell their "service" and, once they have you on the hook, establish control and put traps in place to stop you backing out. If at any point you stop paying, they have full control of your computer and can lock you out of your own system.
If you have fallen for a similar scam, or feel your system may have been compromised in some other way by scammers or malicious software, take it offline immediately (by unplugging your network cable or disabling the wireless adapter in your computer). Once you have done that, if you're within our service area, contact Excalibur on 02 9456 7932 or email us. If you're outside of our service area, find another reputable local technician who can help remedy the situation.
It may take several hours to resolve and, depending on the damage done, may require your computer to be reinstalled; however, the alternative is far worse and you're better safe than sorry. Stay safe, people.