Hacked Microsoft Machine

addams
Posts: 10223
Joined: Sun Sep 12, 2010 4:44 am UTC
Location: Oregon Coast: 97444

Hacked Microsoft Machine

Postby addams » Wed Apr 10, 2019 2:43 am UTC

My neighbor has a Microsoft Machine and she has been hacked.

She was given a number to call;
They told her they are Microsoft.

They demanded Money.
The poor woman is upset.

Her Machine has a repeating alarm going with a warning and the number to call.
She called and talked to the Black Hats, just like I did.
The Black Hats turned her alarm off then back on.

I found the help number:
In the USA, (800) MICROSOFT (642-7676)
In the morning I will go and make the call for her.

My Mac was hacked. I called Tech Support.
I hope it goes as well for her as it did for me.

I'll let you know.
Life is, just, an exchange of electrons; It is up to us to give it meaning.

We are all in The Gutter.
Some of us see The Gutter.
Some of us see The Stars.
by mr. Oscar Wilde.

Those that want to Know; Know.
Those that do not Know; Don't tell them.
They do terrible things to people that Tell Them.

Soupspoon
You have done something you shouldn't. Or are about to.
Posts: 4060
Joined: Thu Jan 28, 2016 7:00 pm UTC
Location: 53-1

Re: Hacked Microsoft Machine

Postby Soupspoon » Wed Apr 10, 2019 11:54 am UTC

Was she cold-called 'by Microsoft', followed their instructions and then found herself in trouble? (Note: this never happens for real, nor do MS pay you/charity for every forwarding of an email, etc. Unless you have a specific service agreement already in place they wouldn't know your contact details even if your machine somehow 'calls home' to tell MS that there's a problem needing fixing.)

If this was the case then it really only gets prevented by knowing that this is a scam in advance. Those who fall for it (there's always a period in everyone's life when they never knew about this kind of thing, and some people also forget or don't remember/associate this as the thing they experience, afterwards, too) can often be asked to turn off any safeguards they may have had installed against hijacking.


If it was the machine that told her to call 'microsoft', then some malware or malware-gateway leaked through. For the former, up-to-date AV is a good protection (but there's always "zero day" or otherwise unrecognised methods around to avoid detection) and you should always consider checking to make sure it isn't lapsed/inactive.

The version where clickbait pop-up/email gets the user to install the problem (it may have been a "Microsoft alert" or "Document from someone you know" or "100 Millionth visitor!" or "Couples in you area", whatever it took to get you to succumb) is a bit of both issues. If you had not clicked then it would not have needed to be detected by the AV you ought to have had. But as both stages are fallible then there's enough possibility of jumping through both the hoops to make it worth someone's while.


Then there's the payload. If it is "lockdown ransomware" then the realistic solutions generally are one or a combination of:
1) take the hit, new machine or entirely new install (sufficient to override the altered boot-state) and trust to backups and recovered account details to bring you back to how you were,
2) Find a reputable de-ransoming solution (may not exist, but some don't do the public-encrypt/private-decrypt whole hog, and may have a reversal engineered by white-/grey-hats, or even other black-s, but they're probably not to be trusted), but make sure it is reputable, don't trust the machine online, make whatever backups/installation notes you need and then take the opportunity to refresh or replace the machine, restore everything legitimate (no possible remnants of the original problem) and move on,
X) NEVER take the option to pay the ransomwarer. It 'legitimises' their efforts, and you have no guarantee that they are willing, able or even the right person to 'repair' your machine. Even if it is unlocked, it may still be 'held on account' as a botnet asset or future "has paid, will pay again" victim. But should this be the way you go (DON'T!) and you're lucky enough to be given access then DO still take stock of your backups/etc and renew/replace the machine.


If it's not debilitating ransomware, but just "pestering" notifications (probably trying to get you to install actual ransomware as the 'solution') then a quick fix is more possible without having to get around the worst of the above, but still you need to consider deep-cleaning with whichever AV you can (one 'active' one at a time), malware scanners, even manual checking.


It's not a "do this and it will be solved" thing, though. Far too many variations. If you do not already know how to solve it, better to get in contact with a local Tech Guy of known repute to assess the situation and discuss the possible fixes/fix-it-uppers. It's been a few years since I've had to deal with a fully-ransomed Windows machine (luckily, with a trivially simple 'lock' on it) or really bad virus, so I'm maybe not familiar with the very latest threats and need to ask people I know to assist/take over for me in awkward cases. And for the Mac I'd definitely defer to an Apple Store service desk unless I could get hold of the one guy I know who might have an immediate solution at hand.

I'm not entirely sure MS will have good news for you, when you talk to them. They'll have some generic fixes, but it really needs hands-on to deal with. But good luck with all that anyway. If nothing else, let everyone learn from this experience, and 'inoculate' themselves against this same/similar threat in the future, hopefully.

All the best.

addams
Posts: 10223
Joined: Sun Sep 12, 2010 4:44 am UTC
Location: Oregon Coast: 97444

Re: Hacked Microsoft Machine

Postby addams » Wed Apr 10, 2019 3:07 pm UTC

Thank You, Soupspoon.
I went down ready to help in any way I can.

The computer owner is a woman with a temperament.
In the community we have learned to never argue with her.

The next time the Black Hats called her, she said, "You go straight to Hell!"
"I am throwing this computer in the dumpster!"


I stood there with my eyes bugging out.
I don't talk like that. She does. It worked.

This morning her computer is working fine.
I gave her a few pointers about "Trusted Sites".

To be fair, that may do little to nothing.
I was hacked through xkcd forum.
Xkcd Forum, my internet home.

Oh! Yes. You are very correct.
Microsoft may not help at all.

After multiple calls I still had not gotten through to Tech Support.
Shall I sing the praises of my Mac and the Tech Support they gave me, again?

Thank you, just, for being here Soupspoon and Help Desk.

