Sextortion Ransomware — A New Tactic in Fake Tech Support Scams?

Have you ever received a random phone call from a person with a foreign accent who claims there is something wrong with your computer and then offers to diagnose or fix it? If so, the odds are you were experiencing an epidemic now known as the “fake tech support” scam. The scam’s ultimate goal is to get the victim to purchase an expensive but completely useless technical support plan to fix phony issues.

Though this scam has been around for many years, it has manifested itself in numerous different ways as the scammers’ tactics have evolved. Originally the calls tended to target only the most elderly tech users, and the warning was usually that the computer was infected with viruses. As time went on, both the age of the victims and the nature of the warnings became progressively more varied. Victims typically were warned of everything from the impending “death” of the hard drive and files to the “poor performance” of the computer.

However, in most cases the scammers would limit their fearmongering to issues with the computer itself — until now. In a new and more disturbing iteration, the scammers are now using a tactic that can best be described as a mix of “sextortion” and “ransomware”. We recently were contacted by a young man whose computer was taken over by someone threatening to ruin his life by (among other things) uploading child pornography onto the computer (see image). The attacker demanded a ransom payment of $50,000 within 10 minutes to stop the attack. Minutes after this threatening message appeared on his computer, the young man was contacted on the phone by someone claiming to know the computer was compromised, and offering a paid tech support service to “rescue” it from the attack. In other words, both the “attacker” and the “rescuer” in this case were the exact same scammer.

With all the talk about ransomware and sextortion in the news today, it’s probably no coincidence that the staged attack integrated elements of both threats. After all, playing up the innate security concerns of the user is a hallmark of the fake tech support scam — only here it goes a lot further. What makes this case even more unnerving is that the scammer actually did upload pornography to the young man’s computer. While we had no way to determine the age of those depicted, we were able to determine conclusively through forensic analysis that numerous pornographic images were transmitted to the computer by the scammer. So no matter how you slice it, this is a pretty dramatic escalation of a scam that just won’t go away.

So what, if anything, can the average tech user do to guard against this scam? The simplest answer is — be wary of ANY unsolicited calls or e-mails you receive. Most of these scams start out as some sort of random communication that attempts to earn your confidence. So no matter how engaging or credible the person on the phone sounds, if you have even the slightest doubt you should hang up and investigate further. Bear in mind that with tech companies especially, most people are hard-pressed to find a tech support phone number even when they want one! So when someone calls randomly and claims to be “Microsoft”, you have to take that with a grain of salt.

Another good trick is to Google the phone number that called you. Very often, just entering the full 10 digits into Google will yield you nothing but a list of people complaining about receiving scam calls from that same number. If the caller were legitimate, you likely wouldn’t have any trouble determining that from the search results.

Above all, remember that anonymity can be a dangerous weapon on the Internet. Always know who is speaking to you, ask detailed questions, trust your gut, and be safe!