Following on from other recent Netflix attacks, cyber criminals are at it again. With over 93 million users, Netflix has gained the attention of criminals looking to take advantage. This time they're targeting users looking to watch Netflix for free. Attackers often attempt to monetize compromised accounts by selling them or by exploiting server vulnerabilities, but they also use them to distribute Trojans that steal users' financial and personal information.
Trend Micro discovered the ransomware, known as RANSOM_NETIX.A, which targets Windows 7 and Windows 10 computers and terminates itself if it runs on a different platform variant. Websites offering free Netflix accounts via a "Login Generator" that uses other people's accounts are luring people into downloading ransomware that holds their PC to ransom. When the user executes the Netflix login generator, the executable drops another copy of itself (netprotocol.exe) and executes it. The program's main window provides users with a button to generate logins, which displays another prompt window when clicked. This second window supposedly presents the user with the login information of a genuine Netflix account.
However, these prompts and windows are fake. The ransomware uses them to distract the user while it encrypts files in the background. It employs the AES-256 encryption algorithm and appends the .se extension to the encrypted files. The malware targets 39 file types that could be found under the C:\Users directory. The ransom note, which appears as a wallpaper, then demands $100 worth of Bitcoin (0.18 BTC) from its victims.
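The behaviour described above (one process writing many `.se` copies of different file types under C:\Users in a short time) can be hunted for in file-creation telemetry. The following is an added example, not code from Trend Micro or the original article; the event tuple layout, the sample paths, and the window and threshold values are assumptions made for illustration.

```python
import ntpath
from collections import defaultdict

SUFFIX = ".se"                    # extension the article says is appended
USER_ROOT = "c:\\users\\"         # directory tree the article says is targeted
DROPPED_NAME = "netprotocol.exe"  # dropped copy named in the article

# Constructed sample events: (epoch seconds, process image, file created).
# The Downloads location of the dropped copy is an assumption.
MAL_IMAGE = r"C:\Users\bob\Downloads\netprotocol.exe"
EDITOR = r"C:\Program Files\Editor\editor.exe"
SAMPLE_EVENTS = [(1000 + i, MAL_IMAGE, rf"C:\Users\bob\Documents\file{i}{ext}.se")
                 for i, ext in enumerate([".docx", ".xlsx", ".jpg", ".pdf", ".txt", ".docx"])]
SAMPLE_EVENTS += [
    (1003, EDITOR, r"C:\Users\bob\notes.se"),   # no original extension underneath
    (1004, EDITOR, r"C:\Users\bob\a.txt.se"),   # isolated, far below threshold
    (5000, EDITOR, r"C:\Users\bob\b.txt.se"),
]

def is_encrypted_copy(path):
    """True for paths like C:\\Users\\...\\cv.docx.se (suffix appended to a typed file)."""
    p = path.lower()
    if not p.startswith(USER_ROOT) or not p.endswith(SUFFIX):
        return False
    stem = ntpath.basename(p)[:-len(SUFFIX)]
    return ntpath.splitext(stem)[1] != ""

def find_bursts(events, window_s=60, threshold=5):
    """Flag processes that create >= threshold matching files within window_s seconds."""
    by_proc = defaultdict(list)
    for ts, image, target in events:
        if is_encrypted_copy(target):
            by_proc[image.lower()].append((ts, target.lower()))
    alerts = []
    for image, hits in by_proc.items():
        hits.sort()
        start, best = 0, []
        for end in range(len(hits)):          # sliding time window over sorted hits
            while hits[end][0] - hits[start][0] > window_s:
                start += 1
            if end - start + 1 > len(best):
                best = hits[start:end + 1]
        if len(best) >= threshold:
            exts = {ntpath.splitext(t[:-len(SUFFIX)])[1] for _, t in best}
            alerts.append({"image": image, "count": len(best),
                           "original_extensions": sorted(exts),
                           "matches_dropped_name": ntpath.basename(image) == DROPPED_NAME})
    return alerts
```

The process-name match is only a supporting signal, since a file name is trivial to change; the burst of `.se` copies across several original file types is the part tied to the encryption behaviour.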
Trend Micro advises:
The scam is also a reminder of the risks involved in pirating content—may they be movies, music, software, or paid memberships. Is getting your important files encrypted worth the piracy? Netflix's premium plan costs around $12 per month, and allows content to be streamed on four devices at the same time. Compare that with the $100 you need to pay in order to get your files decrypted. Getting them back isn't guaranteed either, as other ransomware families have shown.
It is advised to download only from reputable sites. Don't click ads promising the impossible: if an offer sounds too good to be true, it usually is, and it is a good idea to avoid it.