
Ranscam Ransomware Deletes Victims’ Files Outright



OK, first off, there is a surefire protection against any kind of ransomware. Keep a full system image backup made with either Macrium Reflect Free or EaseUS. Then keep regular daily backups of data to an external drive at the end of each day, week, or month. I convinced my wife to do daily one minute backups to her Quicken Home and Biz files by simply asking her how long would it take her to start up another copy from scratch if hers was erased suddenly without warning? I asked how many days would you like to have to reconstruct, one day lost, a week, a year?


So no need to panic, just learn to use the built in backup programs. If you are afraid of them being too complicated, if data challenged just go to the nearest public library and leave your computer in your rig, and watch some YouTube videos like this: https://www.youtube.com/watch?v=ajd6f8F0JwI If you don't like that one or it is too basic, then just search YouTube as there are hundreds, even in other languages if you are an import yourself.


Back to today's warning about this nasty ransomware:




"Researchers have observed ransomware so sophisticated over the last few months that we’ve seen a variant tease researchers with strings of hidden code and another composed entirely of JavaScript. But not every attacker is technically proficient; researchers are suggesting the ones behind a new strain of ransomware may just be plain lazy.


The ransomware Ranscam simply deletes users’ files, even if the victim chooses to pay, researchers at Cisco’s Talos Security Intelligence and Research Group claim, no encryption needed.


Like the ransomware’s name implies, Ranscam is just that: a ‘scam.’


According to two researchers with the group, Edmund Brumaghin and Warren Mercer, who wrote about it on Monday, after a user’s machine is infected, Ranscam starts out like any other type of ransomware. Victims are encouraged to pay 0.2 BTC ($130 US) to unlock their files, which Ranscam claims have been moved to a hidden partition and encrypted.


“Once your Bitcoin payment is received your computer and files will be returned to normal instantly,” the ransom note claims.

Once users click a verification button claiming they’ve paid, the note changes and the button morphs into a “Payment not verified” button. It threatens to delete one file every time the user clicks the button without paying. In reality the button does nothing. The malware makes two HTTP GET requests to bring up a PNG image but it’s too late: the users’ files have already been deleted. To make matters worse the files aren’t recoverable, researchers claim. Since they were never encrypted in the first place, there’s no way to decrypt them.


It’s assumed the attackers behind Ranscam are more of a fly by night crew than a dedicated operation, however. Researchers claim there haven’t been any transactions associated with the Bitcoin wallet they listed since June 29th. Furthermore, the ransomware has yet to be incorporated into any large-scale email campaigns, suggesting at least for the moment, the attackers behind it are novices and the scope of Ranscam remains small.


“Ranscam shows the desire of adversaries to enter the ransomware/scareware arena,” the researchers write, “They do not need to use novel attacks or even fully functional ransomware, as seen here, this appears to be an amateur malware author and is not a sophisticated campaign.”


Deleting files has become a cruel but common trait of ransomware."


The complete article with screenshots of the dialogue screen when infected is here: https://threatpost.com/ranscam-ransomware-deletes-victims-files-outright/119197/


Last word . . . Backup!
