Our analyst Adam Thomas found this: a piece of ransomware that locks up Windows until you enter your credit card data.
First it claims you are running a pirated version of Windows and they need your billing details. “…but your credit card will NOT be charged.”
And of course that’s true.
Once you enter your credit card details, it will “activate” your “pirated” OS and make it legitimate:
Basically, the Trojan locks your system. The only thing you can do is complete the “activation”. You can choose to “activate windows” or “do it later”. If you choose to do it later, you machine reboots.
If you go through the process of entering your data (including your credit card number), then your system will work again.
Your credit card information is shipped off to a network of fast-flux bots standing by ready to receive it.
VIPRE detects it as Trojan-Ransom.Win32.Winac.A