
Creators of ransomware and fraudulent tech support sites join forces

While the former hold files hostage, the latter present exorbitant bills for fixing non-existent problems on the computer.


Symantec specialists have taken note of a merger of two serious online threats that could cause big problems for Internet users who run into them.

Some websites offering very dubious tech support services also use ransomware that locks user files and charges for decryption.

Fraudulent tech support sites try to convince users that problems have been found on their computer, and then offer software or additional services at an inflated price to fix them. As a rule, the scheme starts with a pop-up message that gives a phone number to call or a link to download the software.

Millions of users were put at risk by a similar information security threat.


According to Symantec, tech support sites also run ransomware in the background. Ransomware is malware that encrypts computer files and demands payment, often in bitcoin, in exchange for the key to decrypt them.
“As a result, unfortunate victims often have to pay both fraudulent technical support sites for help and an extortioner program to return their files in decrypted form,” said Deepak Singh, deputy chief analyst for virtual threats, in his blog.

On one of these tech support sites, Symantec experts discovered a hidden iframe that redirects visitors to the Nuclear exploit kit, which is often used to distribute malware.

It is not entirely clear whether the owners of fraudulent tech support sites cooperate with the developers and distributors of such exploit kits and related products. But, according to Singh, some of these sites are experimenting with deploying ransomware.

It is also possible that the tech support sites were themselves compromised and made to take part in a scheme that redirects visitors to malicious exploits.

“Be that as it may, we first encountered a situation where fraudulent technical support sites use Nuclear exploit kit resources to distribute ransomware programs,” Singh writes. “If such cooperation turns out to be fruitful, I am afraid that in the near future we will encounter new combinations of a similar nature.”

Source: https://habr.com/ru/post/272451/

