Another customer scammed with Cryptoware

Today (30th June 2020), I am working on 3 computers that belong to a family that run a church near Glossop. On Sunday afternoon an elderly gentleman was minding his own business working on spreadsheets for the church and he needed some info on Births, Deaths and Marriages, he set off in Google as we all do and one of the top websites in the search was ReImagePlus which looks to me like it was sponsored from browsing his history, cookies/cache etc.
He clicked this URL and it installed a program called ReImagePlus on his PC, and he carries on with his work, not thinking he just downloaded a malicious program. This App also installed Chromium which is well known for hijacking browsers and not having any uninstaller or exit button.

Later that day he got a pop-up on his screen telling him that Microsoft had found issues on his computer and he must call this number, 0741 834 7457, (make a note of this number, send it to everyone you know who may fall victim to this scam), he gave them a call, because he is an honest man, he never dreamed someone would be out there to scam an innocent person, the man on the other side of the line (possibly Indian) told my customer he needed to run a program called “LOG ME IN” so he could fix the issue. Yes, anyone who knows is not shaking their heads, we know, you know, but unfortunately millions don’t know which is why I create these posts in the hope they reach people, even if we can stop one scammer, that’s a good deed done 🙂

So, the bad guy now has full access to the computer and he shows the customer what he says are errors on the computer, of course, these just made up and do not really exist, he tells our man that he can fix it but it will cost X amount which is playable via various methods. My customer at this point starts to feel that something is off and hangs up, he then calls me but he has to wait until I see his messages on Monday morning.

So, yesterday after stripping the OS and looking what has changed in 24 hours, the hackers put 3 backdoors to the computer including a plug-in for Chrome that was transparent in the OS. I have removed up to now over 200 pieces of Malware, tracking tools, keyloggers etc and it finally looks like the OS is back to normal. They had installed some Cryptoware but fortunately because the gent turned the PC off it has not been able to infect much, and the free Kaspersky tools soon had them rolled back luckily. They had also deleted all his restore points and backup files so we could not simply roll back to last week and then do a manual clean-up. I have spent over 30 hours cleaning up 3 computers, all because of some low life scum who prey on the vulnerable.

PLEASE NOTE:
Microsoft will NEVER call you. If you get a call from BT, Virgin etc, do not give them access to your computer, only take support from them if you have called them directly- if they tell you to hang up and call back, they can hold the line, so you think you are calling but in fact, the line has not been freed from the previous call, so always use a different phone, if you can’t then leave it until the next day.

PLEASE SHARE THIS AND GET PEOPLE EDUCATED

What are your thoughts?

This site uses Akismet to reduce spam. Learn how your comment data is processed.