New “ransomware” that locks up a person’s PC and demands US$35 to return control to its user is on the prowl, a security researcher said this week.The extortionists tell victims of the Delf.ctk Trojan horse to dial a 900 number, said Alex Eckelberry, CEO of Sunbelt Software Distribution Inc., a Clearwater, Fla.-based security developer. That number can be traced to “passwordtwoenter.com,” a payment processor also used by hardcore pornography Web sites to charge for access to their content, added Eckelberry.Users infected with the Trojan horse see a full-screen message posing as an error generated by Windows, according to screenshots posted by Eckelberry on the Sunbelt company blog on Monday. “ERROR: Browser Security and Antiadware [sic] Software component license exprited [sic],” the message reads. “Surfing PORN, ADULT and some other kind of sites you like without this software is dangerous and threatens with infection of your computer by harmful viruses, adware, spyware, etc.”The bogus update window includes a “Click to activate new license” button that in turn brings up another screen, this one telling U.S. users to dial a 900 telephone number and enter a personal identification number (PIN). If the 900 number doesn’t work, the page instructs users to dial alternate numbers — one in the West African nation of Cameroon, the other a satellite telephone number. “You’re completely locked out of the system” after the Delf.ctk Trojan horse installs and runs, said Eckelberry. The only way to regain control is to pay up by dialing.A search on Google for the 900 number returns results pointing to passwordtwoenter.com, a Web site registered to Global Voice SA, a company based in the Republic of Seychelles, an island nation in the Indian Ocean. The IP address used by passwordtwoenter.com is shared with similar domains, including “pintoenter.com” and “chargemyphonebill.com,” which are also registered to Global Voice. Global Voice did not respond to e-mail sent to the address listed in the domain registration information for passwordtwoenter.com.Ransomware, a term used to describe malware that tries to extort money from users after an infection — usually to return access to suddenly-encrypted files — is rare, but not unknown. The last outbreak of any note was in July 2007, when another Trojan horse, dubbed “GpCode,” demanded $300 to unlocked frozen files.By Gregg Keizer, Computerworld Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe