Russian Malware Blocks Windows Use, Demands SMS RansomRussian Malware Blocks Windows Use, Demands SMS Ransom

How important is it for you to be able to access your data? Would you pay money to recover your data if a hacker stole it?Ransomware is the subcategory of malware that demands payment before allowing you to gain access to your important documents.

Often the malicious will do this by encrypting the files in your My Documents folder, and requesting that money is wired to them via a service like Western Union.

Today, however, researchers in SophosLabs saw something a little different. A piece of ransomware originating in Russia blocks access to Windows and demands payment by sending an SMS message to a premium rate mobile number:

If your Russian is a little rusty, then here's a quick translation:

"WINDOWS BLOCKED
To unblock send an SMS
To number 3649
With Text :k2590620008
Enter the received code:
*Any action mimicking activation will result in data loss and computer violation"

So it's another sneaky way for the hackers to make money at your expense. But the question I have is this: Surely the telephone company knows who has registered that premium rate phone number? Isn't that an obvious line of enquiry for the authorities to follow?

Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his other blog on the Sophos Website, then you can find him on Twitter at @gcluley. Special to Dark Reading.