Despite some positive signs for the overall world of digital security, ransomware infections have been on the rise for years now. Over that time, we’ve seen classic ransomware, TV ransomware, educational ransomware, and so on. But today, we’re seeing a new type of attack: the ransomware scam.
All ransomware uses essentially the same modus operandi: it infects a user’s device, uses strong encryption to hijack files, and then demands a ransom, usually in the form of bitcoins, to decrypt the files. So far, ransomware has been very successful in getting money out of users, because it relies on an implicit relationship of trust: your files are safe and will be decrypted once you pay.
But a new type of ransomware, discovered by Cisco researchers, does away with the trust, and the encryption and pretty much everything else. Dubbed Ranscam, this new malicious attack is using scare tactics to try and con money out of users and it’s giving real ransomware a bad name (relatively speaking...).
Ranscam works by infecting a PC and simply deleting users’ files. It then displays a pop-up image, downloaded from a remote server, that instructs the user to forward money to a specific account if the user wants his files back. It also warns the user that clicking the “pay” button without actually transferring money will delete one of their precious files. Obviously, even if users do pay, they never get their files back because they were already deleted.
The good news here is that Ranscam seems to be limited in its spread and that the scammers behind it don’t seem to be receiving any money. Still, with organizations and companies oftentimes accepting to pay ransomware to get back their files, this latest development is a worrying one – even for “legitimate” ransomware makers. If there’s no trust, more users might elect to not pay and instead protect themselves with back-ups. Though, in reality, that’s probably the best thing that can happen.