Tag Archives: KDV.153863

Ransom Trojan KDV.153863 – Call Me, Pay The Fee, And I’ll Unlock Your Kidnapped Windows System

imageRansomware is a vicious form of malware, given that that it generally encrypts the victim’s files, or restricts the user’s ability to access the computer in some way. Payment of a ransom fee is the commonality in all ransomware attacks.

According to F-Secure, a new form of ransomware (KDV.153863), which reportedly locks the victim’s computer, leaving the machine essentially unusable, is currently circulating on the Internet .

An infection by KDV.153863 will lead to the following boot screen.


Graphic courtesy of F-Secure – click to expand.

In line with previous versions of this type of malware, an unlock code can be had (ostensibly for free), by following a set of specific instructions.

The following graphic sets out the method to be followed by the victim to obtain an activation code. The activation code does, in fact, unlock the victim’s computer. Cybercriminals with a conscience, or just good business strategy?


Graphic courtesy of F-Secure – click to expand.

You’ll notice in the screenshot that all of the available telephone numbers are international, and it’s by way of this recovery construction that the cyber crook profits.

The Trojan author, collaborating with rogue call center operators, has designed a four minute message routine which the victim is forced to listen to while exorbitant long distance toll fees are being generated. Similar, in a sense, to the old 900 premium-rate telephone number scams  Apparently, these fees are shared between the cyber crook and the call center operators.

Following the forced four minute message routine, the victim is given an unlock code (1351236) which, according to F-Secure, appears to be the same every time the number is called.

We’ve been dealing with this type of malware, on and off, for years. If previous experience is any indication (and it is), we can expect to see more of this type of malware, in a more general release, through the balance of this year.

Reduce the possibilities of infection by this and other malware, by taking the following precautions:

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data. If you are infected this may be your only solution

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure your anti-virus software scans all e-mail attachments

Don’t store critical data on the system partition

Adhering to the best practices, as noted above, is no guarantee that your system won’t be penetrated. All things considered, running your computer in virtualization mode, while surfing the Net, is highly recommended.

Please read Free BufferZone Pro – Maybe The Best Surfing Virtualization Application At Any Price, on this site, for information on virtualization.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Filed under Cyber Crime, Cyber Criminals, cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Security Alerts, Malware Advisories, Malware Alert, Ransomware, Software, trojans, Windows Tips and Tools