Skip to content ↓ | Skip to navigation ↓

Computer criminals are luring in users with a Netflix membership account piracy scam and tricking them into installing ransomware.

The scam starts when a Windows/PC user downloads what they believe is a Netflix login generator. These types of tools are usually available on websites that host cracked applications and offer access to premium web services. Login generators enable users to gain access to someone else’s account. With a Netflix login generator, users can therefore view Netflix content for free in violation of the service’s terms and conditions.

Fake Netflix Login Generator. (Source: Trend Micro)

There’s just one problem for would-be Netflix pirates. This login generator is a fake. It’s a disguise for a ransomware called RANSOM_NETIX.A.

Trend Micro’s researchers explain in a blog post:

“The ransomware starts as an executable (Netflix Login Generator v1.1.exe) that drops another copy of itself (netprotocol.exe) and then executed afterwards. Clicking the “Generate Login” button leads to another prompt window that purportedly has the login information of a genuine Netflix account. RANSOM_NETIX.A uses these fake prompts/windows as distraction while it performs its encryption routine on 39 file types under the C:\Users directory.”

The ransomware uses the AES-256 standard for its encryption routine. Once it’s done, it displays its ransom note as the infected system’s desktop wallpaper. The message instructs the victim to open a file called “Instructions.txt.”

The ransom note displayed as wallpaper in the affected system. (Source: Trend Micro)

Per its name, the text file contains a series of instructions for the ransomware victim to follow. It first instructs them to purchase 100 USD worth of Bitcion. Once they’ve done that, they are to visit a website where they must enter in a unique identifier to gain access to the decrypter utility.

One of the ransom notes with instructions to victims. (Source: Trend Micro)

Of course, that’s what they want a user to think. The truth is that computer criminals often don’t send over a decryption tool once a victim has paid. They want the victim’s money first and foremost. They are under no obligation to help the user regain access to their files.

Given the lack of honor among thieves, it’s important that users take steps now to prevent a ransomware attack in the first place. They should, for instance, update their systems regularly and install an anti-virus solution on their computers. At the same time, they should keep a backup of their data just in case.

Additionally, users should NEVER employ a service that lets them take advantage of someone else’s compromised account. It’s a crime to do so, meaning fines and/or prison time are a likely consequence.