Windows ransomware poser actually just deletes files

There is a disturbing rise of malware of late, especially of the ransomware type, and no platform, not even macOS, is safe. Windows, of course, is notoriously easy to compromise, but it seems that some miscreants are willing to go beyond orthodox ransomware tactics to make a quick buck. One such malware is being called Ranscam, which is a very apt name. While this malware does claim to have encrypted victims' files and to be holding them for ransom, in truth, it has already deleted those files and is simply trying to dupe those victims into paying to recover something that just isn't there anymore.

Most ransomware follows a similar tactic once it gets control of a computer or mobile device. It encrypts certain files, personal documents being a favorite, and then displays a message instructing the user to pay, usually with bitcoins, to receive the decryption key to save their files. Of course, there is never an assurance that the culprits behind the ransomware will actually hold up their end of the bargain, although some do. Such are the risks of dealing with less scrupulous people.

Ranscam, however, is completely without honor, or at least as much honor as you can find among thieves and scam artists. It claims to have encrypted the users' files and then makes the usual demand. However, it adds an additional threat: each time the user clicks on the "payment sent" button but no payment was received, it threatens to delete a file. That, however, is a total farce.

In truth, the files have already been deleted, so whether the victim pays or not is moot. The perpetrators don't have any way to recover those deleted files anyway. Also, the threats it flashes at users are simply static images fetched from a remote server. Users might just as well be clicking on a two-slide presentation.

The good news is that the number of reported Ranscam infections is small, according to Cisco's Talos Security Intelligence group. That said, that can also be a problem. It does mean that the pattern, source, and manner of infection are harder to pin down, and the malware's almost aimless existence might come back to bite us in the future. So far, no one seems to be paying up, and hopefully it will remain that way.

SOURCE: Talos