'Lazy' Ransomware Deletes Every File in Sight

John Lister's picture

Is there fair play amongst ransomware scammers? A particularly lazy variant of "ransomware" is making the rounds, and researchers say that paying up will never pay off.

Ransomware usually involves a nasty malware program encrypting files on a PC, followed by a promise of a decryption key - but only if the victim pays a ransom. It would make sense that if people stopped believing the key would ever be delivered, they would stop handing over the cash.

Files Deleted Rather Than Encrypted

Now security company Talos has spotted a variant where there's absolutely no prospect of the scammers unlocking a victim's files. That's because their approach "lacks complexity" and simply deletes every file in sight before the ransom process even begins. (Source: talosintel.com)

According to Talos, the Ranscam software falsely claims to have hidden and encrypted files on a hard drive partition. It also gives a Bitcoin address to make a ransom payment to unlock the files.

Whether or not the victim actually makes the payment, the next step is to type in their email address on the infected computer and click a button to say they've made the payment. The Ranscam software then simply claims the payment hasn't been verified, effectively accusing the victim of lying, and warns that it will delete one file every time the victim clicks a button.

In reality, the software is simply reloading and cycling through a set of image files that look like computer activity to give the false impression the system is verifying the payment. (Source: arstechnica.co.uk)

New Approach Could Upset Old Guard

Why the attackers have taken this approach isn't clear, but it appears likely they are either lazy or lack the skills to write a more sophisticated ransomware program. Either way, they have managed the unlikely task of coming across as both less honest and more shortsighted than those running more traditional ransomware scams.

This approach could mean more people don't pay up for ransomware demands, figuring it will bring them no benefit. That could threaten the business model of successful ransomware operators who have pulled in cash from organizations such as medical centers and police forces, where staff conclude it's cheaper to pay up than to try to figure out a way to break the encryption.

What's Your Opinion?

If you were hit by a ransomware demand, would you trust the scammers to unlock your files if you paid up? Is it really a surprise that the scammers in this case turn out to be untrustworthy? Can you foresee the more traditional ransomware practitioners turning against this new breed?



Dennis Faas's picture

I've said it before and I'll say it again: make disk image backups of your entire system and store them offline (on an external hard drive) and you won't need to pay up, ever, for any ransomware scam. If anyone needs help setting up disk image backups, I would be more than happy to answer any questions you may have and can also assist in getting it done by remote using my remote desktop support service. Simply contact me with a brief message and I'll get back to you as soon as possible.

ecash's picture

If you want to KEEP DATA...don't leave it on the computer...
Pictures, music, movies, Documents...Anything DATA..

Programs are easy(most times) to get back. Even if you have to pay money again for them. DATA can be LOST forever.

Also..even if you network it to remote location..DOES NOT mean it is safe.
The Virus can follow your DATA, Network, backup..
NEVER AUTO BOOT on CD/FLASH/input devices..

Before backups...SCAN everything..Be very sure it's clean..And KEEP 2-3 Backups..from Different times..about 1 month apart, AT LEAST..so that if a Virus was BACKED UP, you can go back another MONTH..

Game backups, and SAVES...can be a problem unless you can FIND them. Trying to find ALL saves and backups for every Program is a Pain..