'Lazy' Ransomware Deletes Every File in Sight
Is there fair play amongst ransomware scammers? A particularly lazy variant of "ransomware" is making the rounds, though researchers say that paying up will never pay off.
Ransomware usually involves a nasty malware program encrypting files on a PC, followed by a promise of a decryption key - but only if the victim pays a ransom. It would make sense that if people stopped believing the key would be delivered, they would stop handing over the cash.
Files Deleted Rather Than Encrypted
Now security company Talos has spotted a variant where there's absolutely no prospect of the scammers unlocking a victim's files. That's because their approach "lacks complexity" and simply deletes every file in sight before the ransom process even begins. (Source: talosintel.com)
According to Talos, the Ranscam software falsely claims to have hidden and encrypted files on a hard drive partition. It also gives a Bitcoin address to make a ransom payment to unlock the files.
Whether or not the victim actually makes the payment, the next step is to type in their email address on the infected computer and click a button to say they've made the payment. The Ranscam software then simply claims the payment hasn't been verified, effectively accusing the victim of lying, and warns that it will delete one file every time the victim clicks a button.
In reality, the software is simply reloading and cycling through a set of image files that look like computer activity to give the false impression the system is verifying the payment. (Source: arstechnica.co.uk)
New Approach Could Upset Old Guard
Why the attackers have taken this approach isn't clear, but it appears likely they are either lazy or lack the skills to write a more sophisticated ransomware program. Either way, they have managed the unlikely task of coming across as both less honest and more shortsighted than those running more traditional ransomware scams.
This approach could mean more people don't pay up for ransomware demands, figuring it will bring them no benefit. That could threaten the business model of successful ransomware operators who have pulled in cash from organizations such as medical centers and police forces, where staff conclude it's cheaper to pay up than to try to figure out a way to break the encryption.
What's Your Opinion?
If you were hit by a ransomware demand, would you trust the scammers to unlock your files if you paid up? Is it really a surprise that the scammers in this case turn out to be untrustworthy? Can you foresee the more traditional ransomware practitioners turning against this new breed?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website!
Comments
Make disk image backups
I've said it before and I'll say it again: make disk image backups of your entire system and store them offline (on an external hard drive) and you won't need to pay up, ever, for any ransomware scam. If anyone needs help setting up disk image backups, I would be more than happy to answer any questions you may have and can also assist in getting it done by remote using my remote desktop support service. Simply contact me with a brief message and I'll get back to you as soon as possible.
I warn people
If you want to KEEP DATA...don't leave it on the computer...
PERIOD..
Pictures, music, movies, Documents...Anything DATA..
Programs are easy(most times) to get back. Even if you have to pay money again for them. DATA can be LOST forever.
Also..even if you network it to remote location..DOES NOT mean it is safe.
The Virus can follow your DATA, Network, backup..
NEVER AUTO BOOT on CD/FLASH/input devices..
Before backups...SCAN everything..Be very sure it's clean..And KEEP 2-3 Backups..from Different times..about 1 month apart, AT LEAST..so that if a Virus was BACKED UP, you can go back another MONTH..
Game backups, and SAVES...can be a problem unless you can FIND them. Trying to find ALL saves and backups for every Program is a Pain..