Security Awareness Training Blog

    Lazy Ransomware Bad Guys Just Delete Your Files - Never Mind Decrypting

    There is a new strain of "ransomware" that does not  bother with the whole encryption thing at all.  These bad guys seem to think it's just an unnecessary distraction and too much work. Better to just start nuking files and then present victims with a ransom note.  It's called Ranscam and here is how it looks:

    Ranscam Ransomware Warning Message Screen Shot

    Ranscam deceives victims by falsely claiming that files have been moved onto a hidden, encrypted partition. However, back at the ranch, this malicious code has deleted selected files and seriously messed with system settings like removing executables that drive System Restore, deleting shadow copies, and breaking Safe Mode etc. Recovering a system from this infection is very hard. This is outright destructive code and the way to recover is wipe and rebuild from bare metal.

    They try to extort a ransom of 0.2 Bitcoin (about $125) but the crooks really have no mechanism at all to restore compromised files. The attackers provided the same wallet address for all payments and for all samples, said Cisco's Talos researchers.

    They said: “The lack of any encryption (and decryption) within this malware suggests this adversary is looking to ‘make a quick buck’ - it is not sophisticated in anyway and lacks functionality which is associated with other ransomware such as Cryptowall.”

    The malware features a fake payment verification process that automatically returns notices of failure, possibly in the hopes that desperate victims might make a fresh payment. There is no longer honor amongst thieves. Currently the Ranscam campaign does not appear to be widespread and there have been no large-scale email spam campaigns...yet. $277.61 is the sum of what's been collected so far which seems to suggest users are not paying the ransom. 

    This isn't the first ransomware that deletes files... remember Jigsaw? Discovered back in April, it coerced users into paying by deleting files every hour and when the system is restarted. There is a free Jigsaw decryption available but users will need to act fast given the time sensitive nature of the attack.

    Neither of these attacks has gained much ground, however both are very destructive. Regular offline backups are a much better strategy than a ransom payment strategy. It will keep money out of the hands of criminals that use payments to further develop their capabilities. 

    Ransomware Hostage Rescue Manual

    Get the most complete Ransomware Manual packed with actionable info that you need to have to prevent infections, and what to do when you are hit with ransomware.

    Download Here

    If you do not like to click on buttons with redirects, cut/paste this link in your browser:

    https://info.knowbe4.com/ransomware-hostage-rescue-manual-0

     

     

    Return To KnowBe4 Security Blog

    Topics: Ransomware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe To Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews