Ranscam is a New Ransomware That Takes Your Money and Still Deletes Your Files

Image credit: Talos
A new strain of ransomware has appeared, and this may be one of the worst we’ve seen. In most cases, well-coded malware will encrypt users’ files, lock down the PC and request payment. After payment is made, the victim is usually granted access to the machine once again. However, a malware strain detected by the Cisco Talos security team will eventually delete a user’s files even after payment has been made. According to them, this malware isn’t sophisticated; it looks more like a case of bad programming done for some quick bucks. According to Talos, Ranscam is the shoddy work of an amateur hacker:
This appears to be an amateur malware author and is not a sophisticated campaign. The main component of Ranscam is scaring victims into paying, and they do not even manage to facilitate that at times due to failures in the frame rendering used to deliver their malware payment screen.
The attacker doesn’t care about trust, as “there is no longer honor amongst thieves.” Talos said:
Ranscam simply deletes victims’ files, and provides yet another example of why threat actors cannot always be trusted to recover a victim’s files, even if the victim complies with the ransomware author’s demands.
Complying with the attacker’s demand is not going to set your files free. Apart from wiping your files, the malicious program also deletes key Windows files and Registry entries, making it impossible to perform a system recovery or restore.
According to the researchers, the Ranscam author has received only about $277.61 so far, as the same Bitcoin address is being used to receive payments.
When a victim clicks the payment verification button after payment, a message appears stating that the payment verification failed, and that a fresh file will be deleted with each verification failure. In actual fact, no real verification happens.
To stay safe, regularly updating your antivirus should help. It is also important never to download files from unknown email senders. Another way malware like this spreads is through downloading pirated software programs.
