According to Luis Corrons, technical director with the Spanish-headquartered IT security vendor, once you are infected – typically via spammed email or P2P transmissions – your computer restarts and, after installing itself, the malware flashes up a German-language warning, advising the user that their Microsoft Windows authenticity cannot be verified and asking for a 100 euro licence fee.
The implication, Infosecurity notes, is concerning, as the real Windows WGA authentication effectively limits access to the user's PC once the warning period has expired. This ransomware doesn't have the decency to offer a warning period, posing a potentially severe problem for users.
Corrons says that, if a user falls for the scam, they will be directed to another site where payment details are taken, and the user is advised they will receive an activation code within 24 hours.
The Panda technical director says that, for users hit by this ransomware who don't want to pay anything to the fraudsters, the code is: QRT5T5FJQE53BGXT9HHJW53YT
“Doing that your computer will be restarted and the registry key created by this malware (detected as Ransom.AN) will be removed, as well as the malware file”, he says in his latest security posting.