Petronella Blog Archive

New Ransomware Takes Money but Deletes Files

There’s an old adage that says there’s no honor among thieves, and when it comes to a new type of ransomware, it’s never been truer. Known as RanScam, this new strain doesn’t encrypt a victim’s files; it just deletes them altogether.

After infecting a hard drive, RanScam alerts the user with a message stating that their files have been locked in a hidden partition that’s been encrypted. In order to regain access, all the user has to do is send $125 in Bitcoin to the hackers responsible. In reality, that’s not what’s happened at all.

While RanScam claims to encrypt files, what it actually does is comb through the hard drive and delete selected files. It also changes system settings, deleting shadow copies and the files that allow System Restore and Safe Mode to run. Consequently, it’s virtually impossible to recover from an infection other than to wipe everything and start over from scratch.

As if all that weren’t bad enough, when a victim attempts to pay the ransom, they get a message saying the transaction failed even though it actually went through. That way, victims re-enter their payment information and, without realizing it, send even more money to the hackers.

To better protect yourself from being taken advantage of by ransomware, download the free Ransom Protection Checklist or sign up to receive it by mail. If you find that you might be at risk, schedule a free 10-minute Ransomware Safety Review.