Ranscam ransomware may appear to be just like any other form of malicious file-encrypting software at first glance. Victims are informed that their files are encrypted and that they must pay a ransom in order to recover them.
A ransom demand of 0.2 Bitcoin is demanded by the attackers to supply the keys to unlock the encryption. The victim is informed that essential files on their computer have been crypted, and that the computer will not function properly.
What is different in the case of Ranscam ransomware, is the attacker claims to have moved files to a hidden partition on the hard drive. That is not all that is different. If the victim chooses to pay the ransom payment, they will not be provided with a decryption key to recover their files.
The ransom note claims that payment of the ransom will result in the files being “returned to normal instantly,” but by the time the ransom note is displayed user files will already have been deleted. After infection there is no way of recovering data unless a backup has been performed.
According to the security researchers who discovered the new “ransomware” variant, this is not a highly sophisticated new threat. In fact, it is quite the opposite. Ranscam ransomware has no encryption or decryption capabilities, and the attackers have no way of determining who has actually paid the ransom.
The malware uses the Windows Command Processor to execute a batch file which deletes entire folders on the computer along with Windows shadow copies and registry keys that allow the computer to be started in safe mode.
Ranscam ransomware cashes in on the current ransomware trend and attempts to fool victims into making payment.
Loss of data can be annoying and frustrating for personal computer users. For businesses it could be catastrophic. If backups have not been made, or viable backups do not exist, critical business data may be lost forever.
The latest threat shows why it is never a good idea to pay a ransom to recover files, and why it is essential to perform regular backups of important files.