
I am calling from Microsoft and we detected an issue with your win installation - DyslexicAtheist
https://threadreaderapp.com/thread/1082650738927591425.html
======
DyslexicAtheist
in English:

The phone just rang at the CCC.

"Sir, I am calling from Microsoft and we have detected an issue with your
Windows installation."

JACKPOT.

I was connected to someone who spoke German. How convenient.

The nice lady helped me to set up the RDP access in the Windows 7 VM.

She then led me through a lengthy process. The system was infected, you could
clearly see that at the terminal output (only really colored in red).

"There is a service fee to clean the system."

"I have my credit card data stored in a file, wait a minute."

The lady then copied the file directly to her own computer. Then it became
quiet on the line. Perhaps the ransomware coupled to the file was responsible
for this, which otherwise serves as a test payload for customer systems.

Of course, the variant only encrypts five files and then stops. So if you set
it that way. Much cursing and the conversation was abruptly interrupted from
her side.

Maybe I call back, pretend to be a Microsoft employee and offer to disinfect
the computer?

source (in German):
[https://twitter.com/grauhut/status/1082650738927591425](https://twitter.com/grauhut/status/1082650738927591425)

------
rinchik
Extremely inhumane and cruel! Similar to punishing poachers for barely making
a living and not the black industry/market.

Some poor man/woman on the other side of the line probably lost a day of work
because of this!

The best thing to do with these scammers is to ignore them.

~~~
mobiliakas1
I disagree. They said they have encrypted some files on the scammer's computer
by planting supposed banking credentials which they did copy without any
consent. Having watched some similar experiences on YouTube I can say theft of
banking credentials or personal data is commonplace. They probably did prevent
misuse of some stolen banking or personal information.

~~~
3R3130R
It's possible they unintentionally gave a scammer a sample of ransomware code
they could then reverse engineer. The results could be an asymmetric irony.
They could have made the scammer even more formidable.

------
module0000
More of this please!

~~~
DyslexicAtheist
Here (old but gold DEFCON18 talk) Pwned By The Owner: What Happens When You
Steal A Hacker's Computer
[https://www.youtube.com/watch?v=Jwpg-AwJ0Jc](https://www.youtube.com/watch?v=Jwpg-AwJ0Jc)

