New Ransomware Erases Computer on Contact
The latest ransomware strain almost instantly wipes files from a user’s computer while leading the user to believe files can still be recovered.
Cybersecurity researchers at threat intelligence firm, Cisco Talos, said this Ranscam attack relies on simple intimidation rather than complexity.
Once a user’s machine is infected, Ranscam starts out like any other type of ransomware. Victims are told to pay 0.2 BTC ($130 US) to unlock their files, which Ranscam claims have been moved to a hidden partition and encrypted.
“Once your Bitcoin payment is received your computer and files will be returned to normal instantly,” the ransom note claims.
If a user clicks the verification button alerting the hacker of payment, the note changes into an image with a “Payment not verified” button, and threatens to delete one file everytime the user clicks that button without paying.
In reality, the button does nothing, as the user’s files have already been erased and are unrecoverable.
Researchers claim the malware works as follows: a .NET executable calls on a batch file which multiplies and populates throughout the victim’s file system. From there, a script deletes a slew of important files: the core Windows .EXE responsible for System restores, shadow copies, and registry keys associated with booting the machine into Safe Mode.
Cisco Talos researchers said the lack of encryption/decryption capabilities suggests that cyber thieves have stripped down the malware to make a quick buck with little trouble. It also suggests that the ransomware is making its way down the cybercriminal food chain to its lowest levels.
Posted in General News