'MSSecTeam' Tech Support Scam
The 'MSSecTeam' tech support scam involves a lock screen meant to trick computer users into paying large amounts of money. The 'MSSecTeam' tech support scam uses a fake message from the 'Microsoft's Security Team' to alert the victim that the affected computer's files have been encrypted, and then demanding the payment of a ransom. According to the 'MSSecTeam' tech support scam message, the victim's files were encrypted because of 'illegal activity.' The 'MSSecTeam' tech support scam message claims that the ZhuangZi encryption was used to lock down the victim's files. This is a non-existent encryption method, used to scare computer users into paying a ransom of 0.5 BitCoin, which is sent to the email address mssecteam@sigaint.org.
The 'MSSecTeam' Tech Support Scam Disables Various Services and Programs
Apart from displaying a lock screen, the 'MSSecTeam' tech support scam will prevent computer users from accessing their machines. The 'MSSecTeam' tech support scam stops the Windows Explorer and the Windows Task Manager, as well as other Windows services and programs that would allow computer users to bypass a message like the one used by the 'MSSecTeam' tech support scam. The main reason for this is to make the computer user believe that there is no way to recover access to the infected computer. The following is the text contained in the 'MSSecTeam' tech support scam lock screen:
'Have A Key?
Files Locked: Complete/Yes
Case No: 43278
System Status: Locked
Contact Us: mssecteam@sigaint.org Notice from Microsoft Corporation
All activities of this computer have been recorded.All your files are encrypted as our government order.We used ZhuangZi encryption method to encrypt your files.
Your computer has been blocked due to violation of Copyright and Related rights law and illegally using and distributing copyrighted contents.Your documents,database and all files have encrypted with strongest encryption and unique key,generated for this computer.Your decryption key is stored on a Internet server.No third party softwares can decrypt your files until you pay and obtain the private key.If you don't send money to our Microsoft address within the week,your all files will be parmanently crypted and no one will be able to recover them.(Article 1,Section 8; Article 202; Article 210 of the criminal code of U.S.A. provides for a deprivation of liberty for 4-12 years) This computer lock is aimed to stop below illegal activity
Your IP was used to:
Working on illegal copy of Windows
Sending Spam messages using Botnets
Distributing copyrighted contents via Torrents
Visiting harmful websites for download malware infected software'
The lock screen used by the 'MSSecTeam' tech support scam includes two buttons in its display, which are marked 'License' and 'Payment.' Clicking on these buttons makes additional messages pop-up. Clicking on the 'License' button will make the following message appear on the victim's computer screen:
'SCOPE OF LICENSE.
The software is licensed, not sold. This agreement only gives you some rights to use the features included in the software edition you licensed.
Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement.
In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways.
You may not
1·work around any technical limitations in the software;
2·reverse engineer, decompile or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation;
3·use components of the software to run applications not running on the software;
4·make more copies of the software than specified in this agreement or allowed by applicable law, despite this limitation;
5·publish the software for others to copy;
6·rent, lease or lend the software; or
7·use the software for commercial software hosting services.'
When the victims click on the button marked 'Payment,' the following message will appear on their screens:
'Install Tor Browser in another PC.
Your all files are locked.Pay 0.5 Bitcoins to our unique address to get back your files.
For address mail me with your Name,Institute name along with your E-mail ID and Case no:
for more information about how to pay? Leave a mail
mssecteam@sigaint.org'
Trying to close the 'MSSecTeam' tech support scam program will instead display the following message:
'Please contact msssecteam@sigaint.org with your Institute Name.'
Dealing with the 'MSSecTeam' Tech Support Scam
The 'MSSecTeam' tech support scam is a hoax, and there is no truth to any of its message. Fortunately, it does not encrypt its victims' files. Because of this, removing the 'MSSecTeam' tech support scam is a simple matter of starting up Windows using Safe Mode or another alternate start-up method. Once access has been restored to the infected computer, a reliable security program can be used to remove the 'MSSecTeam' tech support scam infection itself.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.