Ransomware Can Strike Anywhere

This past weekend, various postgraduate students in France ended their academic year by making final modifications in their theses.

On Sunday, I assisted some of them. While browsing the Internet for some last-minute data, they suffered the fright of their lives: the sudden closing of their Microsoft Word software–without prompting to save their data–no more Internet access, the inability to reopen any application, and a series of pop-up windows warning of a malware infection and asking for a payment (US$89.95) to remove the threat and restore their systems.

In this case the students had searched for some Facebook statistics to finalize their studies and joined a WordPress blog, which would never be suspect but was infected with “ransomware”–fake-alert malware that pretends to be security software and requires a “subscription” to clean the system.

A half-hour later, I was able to locate the copies of their unsaved precious documents (*.asd files in the C:\Users\[Username]\AppData\Roaming\Microsoft\Word\) and to recover them on a clean computer. The disaster averted, I restarted the infected computers in Safe Mode, cleaned the registries, and extracted the malicious file for my own use.

I discovered the malware has been detected and cleaned as FakeAlert-SecurityTool.er with our most recent DAT files.

I share this story to remind you that malware does not happen only to others. Three students almost lost the culmination to their scholastic efforts. In other circumstances, the situation could have perhaps escalated to more critical results. Individuals making scareware and ransomware prey on the fear of their victims to extort money. Malware researchers are doing their part; we will be satisfied only when these crooks end up behind bars.