When ransomware hits, it\u2019s natural to wonder if it might be worth\u00a0just\u00a0paying the ransom to get your electronic life back with the minimum of fuss. At Kaspersky Lab, we don\u2019t recommend paying the ransom, but in the case of new ransomware called Ranscam, there really is no point: It deletes your\u00a0files anyway.<\/p>\n
Threatpost reports on the new malware<\/a>, noting that in contrast with recent ransomware of breathtaking proficiency, Ranscam seems either lazy or not particularly competent. A sledgehammer among scalpels. The first thing users will see after the malware has found its way into their system is the ransom note. It looks like the ransom notes that other pieces of ransomware show, but with one seemingly insignificant difference. Instead of directing users to an external location where they are supposed to verify the ransom payment, this note shows a clickable button: \u201cI made payment, please verify.\u201d<\/p>\n In reality, the difference is very significant. Whenever a user clicks the button, a message appears, saying the payment was not verified and that one file will be deleted each time the button is pressed without the criminals behind Ranscam having been paid. That is probably supposed to make users nervous and persuade them to pay several times.<\/p>\n In fact it\u2019s just a bluff \u2014 but that\u2019s not good news for the victim. The ransomware states that it has moved the user\u2019s files into a \u201chidden, encrypted partition,\u201d but in reality, it deleted them before even showing the ransom message. So there\u2019s no way to retrieve them.<\/p>\n
\nUnfortunately, a sledgehammer is a pretty destructive tool. Where sophisticated ransomware aims to extract victims\u2019 money and then, likely or not, restores the files or file systems it encrypted in the attack, Ranscam is just a scam.<\/p>\nHow Ranscam works<\/h3>\n