Lazy Ransomware Bad Guys Just Delete Your Files - Never Mind Decrypting



There is a new strain of "ransomware" that does not  bother with the whole encryption thing at all.  These bad guys seem to think it's just an unnecessary distraction and too much work. Better to just start nuking files and then present victims with a ransom note.  It's called Ranscam and here is how it looks:

Ranscam Ransomware Warning Message Screen Shot

Ranscam deceives victims by falsely claiming that files have been moved onto a hidden, encrypted partition. However, back at the ranch, this malicious code has deleted selected files and seriously messed with system settings like removing executables that drive System Restore, deleting shadow copies, and breaking Safe Mode etc. Recovering a system from this infection is very hard. This is outright destructive code and the way to recover is wipe and rebuild from bare metal.

They try to extort a ransom of 0.2 Bitcoin (about $125) but the crooks really have no mechanism at all to restore compromised files. The attackers provided the same wallet address for all payments and for all samples, said Cisco's Talos researchers.

They said: “The lack of any encryption (and decryption) within this malware suggests this adversary is looking to ‘make a quick buck’ - it is not sophisticated in anyway and lacks functionality which is associated with other ransomware such as Cryptowall.”

The malware features a fake payment verification process that automatically returns notices of failure, possibly in the hopes that desperate victims might make a fresh payment. There is no longer honor amongst thieves. Currently the Ranscam campaign does not appear to be widespread and there have been no large-scale email spam campaigns...yet. $277.61 is the sum of what's been collected so far which seems to suggest users are not paying the ransom. 

This isn't the first ransomware that deletes files... remember Jigsaw? Discovered back in April, it coerced users into paying by deleting files every hour and when the system is restarted. There is a free Jigsaw decryption available but users will need to act fast given the time sensitive nature of the attack.

Neither of these attacks has gained much ground, however both are very destructive. Regular offline backups are a much better strategy than a ransom payment strategy. It will keep money out of the hands of criminals that use payments to further develop their capabilities. 


Ransomware Hostage Rescue Manual

Get the most complete Ransomware Manual packed with actionable info that you need to have to prevent infections, and what to do when you are hit with ransomware.

Download Here

If you do not like to click on buttons with redirects, cut/paste this link in your browser:

https://info.knowbe4.com/ransomware-hostage-rescue-manual-0

 


Topics: Ransomware



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews