"MS Support" victim with a new twist

[Cambridge PC Support]

Once it's been encrypted, you have 3 choices:

1. Guess the password
2. Restore from reg backup
3. Backup the user data, and then n&p

 

[glricht]

Hi Gary,
Instead of explaining I'll point you in the direction of this nice video which is pretty much the same as what we did: https://www.youtube.com/watch?v=5ow0NCpD0bU

Kind regards,
Julian

Thanks Julian.

However, this technique doesn't stop SysKey from being invoked, it just sets a password that is auto-entered each time. And of course, if I'm unable to guess what the scammer used as a password, I'm back to the manual off-line system restore (assuming there are restore points available!)