Whenever I think that the various criminals behind ransomware can’t sink any lower, someone comes along and proves me wrong.
Edmund Brumaghin and Warren Mercer in a post for Talos describe a particularly vicious example of ransomware they call Ranscam, which doesn’t bother to encrypt files. It claims that the files have been moved to a ‘hidden, encrypted partition’ , but in fact the malware simply deletes them, makes it difficult as possible to recover them, and then puts up a ransom demand. In fact, the criminals have no way of recovering the victim’s files: they just take the money, given the opportunity. As the authors put it:
Ranscam further justifies the importance of ensuring that you have a sound, offline backup strategy in place rather than a sound ransom payout strategy.
The Talos blog: When Paying Out Doesn’t Pay Off.
Commentary by John Leyden for The Register: Nukeware: New malware deletes files and zaps system settings – When you’ve paid up, but there’s nothing to unlock.