PYMNTS-MonitorEdge-May-2024

Ransomware Scam Gets Uglier, Won’t Give Back Computer Files

When it comes to ransomware, there is a light at the end of the tunnel: Pay the ransom, and you get your files back. But a new variant on the ransomware attack is changing all that, leaving victims scrambling to figure out what to do.

Dubbed Ranscam, this variant on the ransomware scam locks up your computer, holds all of your computer files hostage, demands money and then doesn’t give you your files back. “There is no longer honor amongst thieves,” the Cisco Talos security team wrote in a blog post. “Similar to threats like AnonPop, Ranscam simply delete[s] victims’ files and provides yet another example of why threat actors cannot always be trusted to recover a victim’s files, even if the victim complies with the ransomware author’s demands.”

According to security professionals, Ranscam bears little resemblance to other ransomware attacks in its approach to infecting computers, encrypting and removing files, and in the way it attempts to reach and scare victims into handing over money. One of the scare tactics employed by the authors of the Ranscam variant is to claim it will delete files on every unverified payment click, which it doesn’t. Users are told to make payment using bitcoin, which complicates the process for consumers who aren’t familiar with the currency.

The new cyberattack underscores a frightening statistic: The number of new players in the ransomware market is increasing at a rapid pace because people are more than willing to pay to get their files back. The scams have been targeting everyone from individuals to businesses. Even hospitals, cities, police departments and universities have been victims of ransomware attacks.

“Ranscam further justifies the importance of ensuring that you have a sound, offline backup strategy in place, rather than a sound ransom payout strategy,” Talos said in the blog. “Not only does having a good backup strategy in place help ensure that systems can be restored, it also ensures that attackers are no longer able to collect revenue that they can then reinvest into the future development of their criminal enterprise.”
