
Ranscam Ransomware Deletes Victims’ Files Outright


RV_


OK, first off, there is a surefire protection against any kind of ransomware. Keep a full system image backup made with either Macrium Reflect Free or EaseUS. Then keep regular daily backups of data to an external drive at the end of each day, week, or month. I convinced my wife to do daily one minute backups to her Quicken Home and Biz files by simply asking her how long would it take her to start up another copy from scratch if hers was erased suddenly without warning? I asked how many days would you like to have to reconstruct, one day lost, a week, a year?

 

So no need to panic, just learn to use the built-in backup programs. If you are afraid of them being too complicated, if data challenged just go to the nearest public library and leave your computer in your rig, and watch some YouTube videos like this: https://www.youtube.com/watch?v=ajd6f8F0JwI If you don't like that one or it is too basic, then just search YouTube as there are hundreds, even in other languages if you are an import yourself.

 

Back to today's warning about this nasty ransomware:

 

Excerpt:

 

"Researchers have observed ransomware so sophisticated over the last few months that we’ve seen a variant tease researchers with strings of hidden code and another composed entirely of JavaScript. But not every attacker is technically proficient; researchers are suggesting the ones behind a new strain of ransomware may just be plain lazy.

 

The ransomware Ranscam simply deletes users’ files, even if the victim chooses to pay, researchers at Cisco’s Talos Security Intelligence and Research Group claim, no encryption needed.

 

Like the ransomware’s name implies, Ranscam is just that: a ‘scam.’

 

According to two researchers with the group, Edmund Brumaghin and Warren Mercer, who wrote about it on Monday, after a user’s machine is infected, Ranscam starts out like any other type of ransomware. Victims are encouraged to pay 0.2 BTC ($130 US) to unlock their files, which Ranscam claims have been moved to a hidden partition and encrypted.

 

“Once your Bitcoin payment is received your computer and files will be returned to normal instantly,” the ransom note claims.

Once users click a verification button claiming they’ve paid, the note changes and the button morphs into a “Payment not verified” button. It threatens to delete one file every time the user clicks the button without paying. In reality the button does nothing. The malware makes two HTTP GET requests to bring up a PNG image but it’s too late: the users’ files have already been deleted. To make matters worse the files aren’t recoverable, researchers claim. Since they were never encrypted in the first place, there’s no way to decrypt them.

 

It’s assumed the attackers behind Ranscam are more of a fly-by-night crew than a dedicated operation, however. Researchers claim there haven’t been any transactions associated with the Bitcoin wallet they listed since June 29th. Furthermore, the ransomware has yet to be incorporated into any large-scale email campaigns, suggesting at least for the moment, the attackers behind it are novices and the scope of Ranscam remains small.

 

“Ranscam shows the desire of adversaries to enter the ransomware/scareware arena,” the researchers write, “They do not need to use novel attacks or even fully functional ransomware, as seen here, this appears to be an amateur malware author and is not a sophisticated campaign.”

 

Deleting files has become a cruel but common trait of ransomware."

 

The complete article with screenshots of the dialogue screen when infected is here: https://threatpost.com/ranscam-ransomware-deletes-victims-files-outright/119197/

 

Last word . . . Backup!

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire


Archived

This topic is now archived and is closed to further replies.
