Security Bytes

Jan 3 2008   7:19AM GMT

Ransomware locks you out, demands $35



Posted by: Bill Brenner
Application Security, Information Security Threats

Sunbelt Software CEO Alex Eckelberry warns in a blog posting that new ransomware is on the loose, locking up victims’ machines and demanding $35 to return functionality to the user.

The bad guys are using the Delf.ctk Trojan to hijack the PCs, and victims are told to dial a 900 number that can be traced to “passwordtwoenter.com,” a payment processor also used by hardcore pornography Web sites to charge for access to their content, Eckelberry wrote. He offers a step-by-step account of what happens, complete with screenshots of what the victims encounter.

Eckelberry says a search on the US 900 number returns passwordtwoenter com as the first link, and that the site shares an IP with a number of other similar sites.


“Apparently, this is a payment processor that’s now being used for malware, whether they know it or not,” he wrote.
