New ‘Ranscam’ Ransomware Lowers The Bar But Raises The Stakes

Published: 22/11/2024   Category: security


Cisco Talos researchers discover new variant that doesn’t decrypt your files after you pay up--it has already deleted them.



Ransomware variants are multiplying like rabbits: while some are more sophisticated and tougher to combat, others are more about scamming than kidnapping. Take the new Ranscam malware discovered by Cisco’s Talos team, a low-tech but highly destructive attack that demands ransom from its victims but never returns their files because it has already deleted them.
Ranscam isn’t the first ransomware variant to destroy files rather than return them after victims pay up—there’s AnonPop and JIGSAW, for example—but it’s a glaring example of how the ransomware scam itself is so lucrative and easy to pull off that less sophisticated attackers are jumping in the game. It’s also a cautionary tale for victims counting on getting their files back when they hand over those Bitcoins.
The lack of crypto in the attack, despite promises of decryption if the victim pays up, also demonstrates that Ranscam is nowhere near as complex or advanced as Cryptowall and other ransomware attacks, the researchers say. It’s more like its name suggests: it’s a ransomware scam to make money quickly.
“Compared to other true ransomware variants such as Cryptowall which spend a significant amount of time and effort developing new functionality and features, Ranscam appears to indicate that smaller, less-funded threat actors are joining the game, attempting to quickly get a piece of the pie,” says Earl Carter, security research engineer at Cisco Talos.
It’s also yet another example of why solid backups can save the day in a ransomware attack. “Ranscam further justifies the importance of ensuring that you have a sound, offline backup strategy in place rather than a sound ransom payout strategy,” the Talos team wrote in a blog post today. “Not only does having a good backup strategy in place help ensure that systems can be restored, it also ensures that attackers are no longer able to collect revenue that they can then reinvest into the future development of their criminal enterprise.”
Ranscam pushes the victim the usual ransom note upon infection, claiming to have moved the files to a “hidden, encrypted partition.” The Talos team says it dug around and found that some $278 had been paid to a wallet address provided by the attackers, but no additional transactions had occurred with it since late last month.
The attack appears to be limited, and relies mainly on using fear to solicit victims to pay the ransom. The attackers even had a few mishaps in their payment screen process, Talos found.
And the good news with Ranscam is that it isn’t likely to have a long lifespan as a threat. “The payout is likely to die away quickly because of [its] bad reputation in deleting files,” notes Talos’ Carter.
Cisco Talos recommends a backup solution that lets you restore an infected system to “a known-good configuration as quickly as possible.” That way, ransomware won’t be so popular and useful to attackers.