Netflix Ransomware is a scam using Login Generator

Stay Away! Netflix Login Generator is a Ransomware!

Netflix, a multinational entertainment firm with 93 million users around the world, is at risk! Cyber criminals have found a way to scam Netflix users with a simple Login Generator. A user might think nothing of it as he or she logs in to access a Netflix account, but little does he or she know that the Netflix Login Generator is ransomware!

93 million Netflix users are at risk if they fall for this Netflix Login Generator scam! Over time, it has been seen that cyber criminals sell these login credentials on the dark web to insert Trojans to get personal information (including financial) or to hack servers. Earlier, an app was found to be a threat to Android users, and it affected many of them!

How Does Netflix Ransomware Get into Your System?

Usually, Netflix customers pay a few bucks to watch popular videos on demand. But to lure customers with the promise of free Netflix videos on demand, an executable file, “Netflix Login Generator v1.1.exe”, is used to redirect them to a Generate Login window.

According to Trend Micro, these kinds of files are used to offer free login access to sites that have paid online services. There’s no doubt that many users would love to use paid online services for free. Wouldn’t you? This is where the attackers take advantage!

Netflix Ransomware is a scam using Login Generator

The file name is detected as Netix, and once it’s installed on your Windows 7 or 10 system, you will see the above window seeking your permission to “Generate Login.” Once you click on Generate Login, the login credentials might not work, but one thing is for sure: a variety of files on your C drive will be encrypted!

Of course, this ransomware doesn’t work on other operating systems, nor on Windows 8. But ransomware like Cerber & ODIN is always a threat to any Windows user. So stay safe from such scams!

According to Trend Micro’s report, “The ransomware employs AES-256 encryption algorithm and appends the encrypted files with the .se extension. The ransom notes demand $100 worth of Bitcoin (0.18 BTC) from its victims.”

Files Infected by Netflix Ransomware

It encrypts files with the following extensions:

  • .ai
  • .asp
  • .aspx
  • .avi
  • .bmp
  • .csv
  • .doc
  • .docx
  • .epub
  • .flp
  • .flv
  • .gif
  • .html
  • .itdb
  • .itl
  • .jpg
  • .m4a
  • .mdb
  • .mkv
  • .mp3
  • .mp4
  • .mpeg
  • .odt
  • .pdf
  • .php
  • .png
  • .ppt
  • .pptx
  • .psd
  • .py
  • .rar
  • .sql
  • .txt
  • .wma
  • .wmv
  • .xls
  • .xlsx
  • .xml
  • .zip

These files will be infected if you fall for this Netflix Ransomware scam! Once Netflix Ransomware has spread through your system, it will warn you that your “Data on your device has been locked, follow the instructions to your data.”
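For responders checking whether a machine was hit, the extension list and the .se marker above can be turned into a quick triage scan. This is an added example, not code from Trend Micro or the original article; it assumes the marker is appended after the original extension (e.g. report.docx.se), and the function names and sample file tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions the article lists as targeted by this ransomware.
TARGETED = set((
    ".ai .asp .aspx .avi .bmp .csv .doc .docx .epub .flp .flv .gif .html "
    ".itdb .itl .jpg .m4a .mdb .mkv .mp3 .mp4 .mpeg .odt .pdf .php .png "
    ".ppt .pptx .psd .py .rar .sql .txt .wma .wmv .xls .xlsx .xml .zip"
).split())
MARKER = ".se"                  # extension appended to encrypted files
NOTE_NAME = "instructions.txt"  # ransom note name mentioned in the article


def triage(root):
    """Walk root and sort files into encrypted / suspect / note / intact."""
    report = {"encrypted": [], "suspect": [], "notes": [],
              "intact_by_ext": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower == NOTE_NAME:
                report["notes"].append(path)
            elif lower.endswith(MARKER):
                # Assumption: the marker follows the original extension.
                inner = Path(lower[:-len(MARKER)]).suffix
                key = "encrypted" if inner in TARGETED else "suspect"
                report[key].append(path)
            elif path.suffix.lower() in TARGETED:
                # Still-readable file of a targeted type: back it up first.
                report["intact_by_ext"][path.suffix.lower()] += 1
    return report


def demo():
    """Build a constructed sample tree and return its triage summary."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("docs/report.docx.se", "docs/budget.xlsx.se",
                    "docs/Instructions.txt", "pics/cat.jpg",
                    "misc/archive.se", "misc/tool.exe"):
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"constructed sample")
        r = triage(tmp)
        return (sorted(p.name for p in r["encrypted"]),
                [p.name for p in r["suspect"]],
                [p.name for p in r["notes"]], dict(r["intact_by_ext"]))
```

A file ending in .se without a targeted inner extension is reported as "suspect" rather than "encrypted", since .se alone is not proof of this ransomware.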

Netflix Ransomware locking all system's data

Once you click on Instructions.txt in the above window, detailed instructions will be given to you! When you try to decrypt the files using a key, they will ask for a ransom amount. In this case, it’s $100 if the reports are to be believed! Here’s what the instruction file looks like:

You hardly have any option other than paying the ransom amount to the hackers! So don’t fall for this Netflix Ransomware scam just for the sake of getting free videos on demand!

There’s no doubt that ransomware attacks are frequent these days! Just a few days ago, hotel guests were locked out and the hotel was asked to pay a ransom amount to unlock it! Smarter technologies are at risk!

hotel ransomware

Hotel Guest Locked and Ransomed by Cybercriminals

Technology has made our lives easier, but it can also make your life miserable. One hotel has recently learnt this. In Europe, a hotel’s management has admitted that its guests were held in or out of their rooms by cybercriminals. In what is called a sophisticated electronic key system hack, cyber criminals hacked into the system and asked for thousands of dollars in bitcoin as a ransom.


Edit: Guests were not allowed to re-enter their rooms. They were not locked into their rooms.

Just a few days back, news spread about ransomware being distributed by cyber criminals via an Android app in the Google Play store. With this new incident of hotel key card system hacking surfacing, it seems that the problem is only going to get worse in the future. Most 4-star and 5-star hotels now use modern IT systems with key cards as door keys.

Hotel management decided to go public and describe the issues they faced to warn all other hoteliers out there. With modern technology comes an increase in cyber crime. The hotel management even said that they were hit three times by such cyber criminals. To make the situation worse, the attackers even managed to shut down entire systems. Guests could not enter or exit their rooms. Reprogramming the system did not help either. The attack shut down the entire help desk and all computers in the hotel.

The cyber criminals asked for 1,500 EUR (1,272 GBP) in Bitcoin to restore the system. The only option left for the hotel was to pay the ransom amount. The worst thing is that neither the police nor the insurance company could help them. A software engineer was also not able to restore the locked system.

However, the good thing is that after the ransom was paid, the hackers restored everything, which allowed the hotel to operate normally. Unfortunately, there is no guarantee that this will not happen again. With the increasing ransomware threat, it becomes necessary to take preventive steps to stop such hacks. Windows systems are more vulnerable at this moment.

The recent ransomware called “Cerber” is very popular among cyber criminals. It encrypts all files, which can only be decrypted using their decryption software, better known as a “decryptor”. As of writing this, no antivirus company has found the cure. The only option for users is to pay the ransom via bitcoin or format the entire system. In some cases, users pay the amount because sensitive data would otherwise be lost. It is said that over 50% of users end up paying ransom to these cyber criminals. The same goes for the latest Netflix ransomware as well!

Brandstaetter, the hotel manager, said that the best option is to use good old-fashioned hardware locks with keys. Locks with real keys are the best solution, and there is no way to hack into them. As a preventive measure, all systems have been replaced, and there is less chance of a fourth hack attempt. The hotel has spent over 10,000 Euros on digital security to stop hackers from attacking again. In the previous cases, too, they paid ransoms in the thousands of Euros.

Smart homes and smart locks are widespread now. What happens if smart home security is altered and hackers manage to lock you out of your home? Even the thought of it sends a shiver down the spine. Are we depending too much on smart systems? Is it the right time to go back to the old security systems, where we are less reliant on software?

EnergyRescue ransomware

Sneaky Ransomware App Found in Google Play Store Charge App

Ransomware is a real threat, and it has now found a new home. In a surprising and shocking revelation, a ransomware app managed to get into the Google Play store, damaging at least one real-world device. A charge app named EnergyRescue was installed by a few unsuspecting Android users expecting it to be a new charging app. Later, one of the users complained on a social media platform about losing all data and being asked for a ransom. It quickly made headlines.

Ransomware like Cerber & CryptoLocker has already been haunting Windows users. In one shocking report, half of the users end up paying the ransom amount due to the sensitivity of the data. Mobile ransomware is an emerging threat, and it could become a big issue in the future. It also points to the fact that a large number of Android users are vulnerable.


The EnergyRescue mobile ransomware was found on the Google Play store. Initially, it stole all the contacts and other sensitive data such as SMS messages. Upon being granted administrator rights, the app would lock the entire device and ask for a ransom. Imagine what would have happened if this app had managed to slip onto millions of devices. The app asked for 0.2 bitcoin (around $180) as a ransom amount, as typically happens in all such incidents. The following message was shown on the device.

You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc… We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.

A threat like selling the data on the black market makes the situation worse. All personal data, such as credit card info, passwords, SMS, social accounts, bank account and contact details, is stolen and stored on a remote server.

Researchers are yet to find out where the code was generated or downloaded from. Devices located in Ukraine, Russia, or Belarus don’t run the malicious code. This implies that the cybercriminal behind the mobile ransomware might be based in Eastern Europe. Of course, it is still unknown whether the data was really stolen and backed up on a remote server. In many cases such claims are false, made just to trick users into paying the ransom amount. Bitcoin is always the preferred payment option in such cases, making it impossible to tell where the money is going.

As of posting this, the ransomware app has been taken down from the Google Play store. An investigation is going on to see how the malicious code was injected into the app. The app development company has given its full support to help the researchers. However, it is believed that this might be just a small test before a large attack happens. To make the situation worse, cybercriminals can also push it to a large number of users. Imagine how easily they can distribute it via APK files hosted outside the Google Play store.

The malicious code was inserted smartly. Researchers are yet to find out the original. It also escaped Google’s Bouncer security scanner. This hints that the code may have been prevented from running on Android emulators, making it impossible for Bouncer to detect. Users must be more careful about what they install from the Play Store. One should install only trusted apps. It also points to the fact that necessary action must be taken to stop ransomware distribution.

As a dedicated section on ransomware, we should be providing a guide on how to prevent ransomware from being installed on mobile, Windows and Mac devices. Have you ever been a victim of ransomware? Do let us know your views on this.