Ranscam is a new type of ransomware that hasn’t bothered to innovate and lacks the technological sophistication of its brethren. Instead of using advanced encryption techniques to lock victims’ files away for ransom, Ranscam lies about the state of the files while demanding a ransom.
In the case of most ransomware, victims have the opportunity to pay their attackers off and retrieve their precious files. This is generally considered a vital part of the ransomware equation. However, Ranscam doesn’t have the capability to restore the lost files as it simply deletes them from the hard drive. In other words, it doesn’t care if people don’t pay up – those files are gone forever.
The ransom notice also plays into furthering the scam. It warns victims that one file will be deleted for every failed payment verification. Of course, no verification actually happens behind the scenes.
Cisco’s Talos Security Intelligence and Research Group was the first to report this especially problematic version of ransomware. The group also discovered that the Ranscam group maintains a proper helpdesk, like most other ransomware groups. It mostly offers advice and information about obtaining Bitcoin to pay the ransom, although it looks like the criminals are willing to respond to other queries.
It looks like more cybercriminals are figuring out how profitable ransomware can be, and are trying to get in on the scam. Of course, not everyone has the means to create actual ransomware, and Ranscam is probably the next “best” thing that can be done to cash in on the trend. There is, after all, no honour among thieves.