Now tech support scams are exploiting WannaCry ransomware fears

Police issue warning over fake support scams using WannaCry to scare PC users into paying up.
Written by Danny Palmer, Senior Writer

WannaCry impacted thousands of organisations around the world.

Image: Cisco Talos

Cybercriminals are attempting to exploit the notoriety of WannaCry for their own ends, with scams designed to prey on fears surrounding the high-profile global ransomware campaign.

The WannaCry ransomware epidemic hit 300,000 PCs around the globe, using worm-like capabilities to spread and infect Microsoft Windows machines, particularly those using older operating systems.

But while the worst of the WannaCry epidemic appears to be over, that isn't stopping scammers from launching fraudulent tech-support scams looking to exploit fears about the ransomware -- and they've already claimed victims.

The UK's fraud and cybercrime centre, Action Fraud, and the City of London police have issued an alert in an effort to warn members of the public about these scams.

The scam begins with a pop-up window -- which doesn't close -- claiming to be a warning from Microsoft that tells the victim they've been hit with WannaCry. The victim is urged to phone a fake support-line number, and asked to give the scammer on the other end of the line remote access to their PC.

After this access has been granted, the fraudsters install the free Windows Malicious Software Removal Tool, and then charge the victim £320 for the privilege.

"It is important to remember that Microsoft's error and warning messages on your PC will never include a phone number," warns a police statement. "Microsoft will never pro-actively reach out to you to provide unsolicited PC or technical support. Any communication they have with you must be initiated by you."

The tech-support scam isn't the only instance of attempts to exploit fears over WannaCry.

While the ransomware targets only Windows, some apps are now trying to exploit fears of WannaCry with fake 'WannaCry protection' for Android devices.

Unearthed by cybersecurity researchers at McAfee, an Android app called 'WannaCry Ransomware Protection' claims to offer antivirus protection against WannaCry and other ransomware, but it's in fact adware.


Fake WannaCry protection app

Image: McAfee

Once the app is installed, it displays adverts and requests that users install other apps, claiming that additional installations will help protect the user. But all they do is display adverts, likely for the purposes of driving click-through based revenue.

The app isn't sophisticated and, according to McAfee, "it is clear the developers put little time into this development".

Another app named 'Anti WannaCry Virus' also promises protection but delivers unwanted adware features.

In both cases, these apps have five-star reviews from users, which the researchers say "tells us something about the value of online reviews".

Google says a "proactive review" process is designed to catch malicious apps which slip through as early as possible, but despite contact from McAfee, the 'WannaCry Ransomware Protection' for Android app remains in the Google Play store at the time of writing.

Read more on WannaCry

Editorial standards