Ranscam Malware Poses As Ransomware But Just Deletes Your Files

Cisco’s Talos Labs has uncovered a nasty piece of malware that poses as ransomware but simply deletes the victim’s files, even if the ransom is paid.

The malware, which has been dubbed ‘Ranscam’, outwardly follows the conventional ransomware route by infecting a computer, encrypting the files, and then demanding a payment to unlock them.

Deletes Files

“Ranscam is one of these new ransomware variants,” said the researchers.

“It lacks complexity and also tries to use various scare tactics to entice the user into paying; one such method used by Ranscam is to inform the user they will delete their files during every unverified payment click, which turns out to be a lie. There is no longer honour amongst thieves.

“Ranscam simply deletes victims’ files, and provides yet another example of why threat actors cannot always be trusted to recover a victim’s files, even if the victim complies with the ransomware author’s demands.”

The researchers pointed out that some organisations tend to pay these ransoms, but nothing can be guaranteed while they are being held hostage by these criminals.

“Ranscam further justifies the importance of ensuring that you have a sound, offline backup strategy in place rather than a sound ransom payout strategy,” they said. “Not only does having a good backup strategy in place help ensure that systems can be restored, it also ensures that attackers are no longer able to collect revenue that they can then reinvest into the future development of their criminal enterprise.”

It seems that an infected computer displays a ransom note that, unusually, says the files have been moved to a ‘hidden encrypted partition’. It demands 0.2 bitcoins to unlock the files, and gives the victim a button to click to verify that the payment has been made. But it warns that one file will be deleted each time that button is clicked without payment.

“The unfortunate reality is, all of the user’s files have already been deleted and are unrecoverable by the ransomware author as there is no capability built into Ranscam that actually provides recovery functionality. The author is simply relying on ‘smoke and mirrors’ in an attempt to convince victims that their files can be recovered in hopes that they will choose to pay the ransom.

“The lack of any encryption (and decryption) within this malware suggests this adversary is looking to ‘make a quick buck’ – it is not sophisticated in any way and lacks functionality which is associated with other ransomware such as Cryptowall.”

“As Ranscam shows, threat actors cannot simply be trusted and often use deception as a means to achieve their objective, which in this case is convincing victims to pay out,” they said. “This is because they never intended on providing a means to retrieve or recover the victim’s files in the first place.”

Ransomware Plague

Thankfully it seems that Ranscam is not widespread at the moment. But ransomware is a huge threat and has hit all types of organisations, including hospitals and even NASCAR racing teams.

Researchers at the University of Florida this week claimed to have developed technology that can stop ransomware attacks before they cause too much damage.

Earlier this year the gang behind the TeslaCrypt ransomware shut down their criminal operation and apologised. The gang also handed over the universal master decryption key to the malware to security researchers ESET.

ESET has previously warned that the UK was being heavily targeted by ransomware.

Tom Jowitt
