Tech support scammers started new “Suspicious Ransomware Activity detected” scam – learn how to identify it
“Suspicious Ransomware Activity detected” tech support scam virus[1] is a malicious computer program that redirects the victim to phishing web pages and seeks to convince him that computer has been infected with ransomware or a similar malicious virus. Such deceptive program will redirect to deceptive websites such as shoppin-online[.]website and display misleading messages on the screen, asking to call “Microsoft certified technicians” at +1-844-699-8351.
This particular site contains every possible Microsoft logo and even the “Your PC ran into a problem” message which is familiar to every computer user. If such site appeared on your screen, we suggest you remove “Suspicious Ransomware Activity detected” scam right away. The website then goes full-screen and triggers a message from a web page, saying:
Your system has detected possible Suspicious Ransomware Activity, please call the toll free number below for a Microsoft certified technician to help you resolve the issue.

The malicious virus keeps repeating that the victim has to get in touch with these technicians in order to resolve the issue. However, we must inform you that scammers cannot remotely identify “suspicious ransomware activity” because once ransomware strikes, it encrypts all files in a few seconds, besides, Microsoft would never attempt to display some warnings via your web browser.
The only way that Microsoft could inform you that a ransomware attack was identified and stopped is by showing a message from Windows Defender. However, if you use a different anti-spyware or anti-malware software, Windows Defender will be disabled, and the responsibility for your computer’s protection will be passed to your chosen security program.
The virus displays repetitious warnings, threatening the victim that taking any arbitrary actions will result in complete data loss or failure of the operating system. Do not believe such statements as they are entirely deceptive. People who work in underground offices will pick up the phone if you dial the number provided, and tell you all kinds of lies just to convince you to do one of the following:
- Provide personal data such as credit card details, name, email, and more;
- Purchase scam software packs for an enormous price;
- Provide remote access to the computer for the attackers so that they can plant even more malware on the system[2].

You should take actions to protect your privacy and operating system by performing a full “Suspicious Ransomware Activity detected” removal. We highly recommend you to download FortectIntego or SpyHunterCombo Cleaner software, update it and perform a system scan with it to identify and eliminate the program that sends these deceptive pop-ups to you.
Distribution and promotion of tech support scam malware
There are two ways to land on a phishing website registered by tech support scammers. Usually, victims accidentally visit such websites after installing ad-serving malware on their computers, although they can unconsciously install tech support scam malware by opening shady links or files added to emails sent to them by strangers. If the “Suspicious Ransomware Activity detected” pop-up started appearing on your screen, you must identify the malicious software placed on your PC and wipe it off the system along with all of its components.
Sometimes, people install shady software alongside freeware such as media players, file converters, and similar programs. To bypass potential risks of installing dangerous additions, make sure you select Custom or Advanced installation settings and remove every check mark placed next to agreement to install suggested extras.
Removing “Suspicious Ransomware Activity detected” malware can be tricky
Even if you are an experienced computer user, it can be hard to remove Suspicious Ransomware Activity virus because it can hide in your PC under a variety of different names. Therefore, we recommend running a scan with anti-malware software that can thoroughly check each file and see if it contains malicious functions. We do not recommend you to try to perform a manual “Suspicious Ransomware Activity detected” removal because if it results in failure, you can do more harm than good. We suggest you restart your PC into Safe Mode with Networking before launching the security program.
Was this guide helpful?
Be the first to comment