Sunbelt Software CEO Alex Eckelberry warns in a blog posting that new ransomware is on the loose, locking up victims’ machines and demanding $35 to return functionality to the user.
The bad guys are using the Delf.ctk Trojan to hijack the PCs, and victims are told to dial a 900 number that can be traced to “passwordtwoenter.com,” a payment processor also used by hardcore pornography Web sites to charge for access to their content, Eckelberry wrote. He offers a step-by-step account of what happens, complete with screen shots the victims encounter.
Eckelberry says a search on the US 900 number shows the first link as passwordtwoenter.com, which shares an IP with a number of other similar sites.
“Apparently, this is a payment processor that’s now being used for malware, whether they know it or not,” he wrote.