Ransomware is a real problem for many institutions and consumers who do not know how to protect their PCs while surfing the web. Ransomware apps lock certain files on a computer with encryption, making them inaccessible until the target pays a ransom, usually in virtually untraceable Bitcoin. The scam is very lucrative for some hackers, who usually restore access to temporarily encrypted files as soon as a computer owner pays the fee. These ransomware apps aren’t exactly easy to code, however.
Ranscam is one example of a badly executed ransomware app. But because it is such badly made malware, it’s also the worst Windows infection you can currently get.
“You must pay 0.2 Bitcoins to unlock your computer,” a warning message says after a computer is infected with Ranscam. “Your files have been moved to a hidden partition and crypted. Essential programs in your computer have been locked and your computer will not function properly. Once your Bitcoin payment is received your computer and files will be returned to normal instantly.”
That sounds like your average ransomware message, but security researchers from Cisco Talos told Ars Technica this isn’t your typical malware threat.
The malware app deletes everything on your computer. It doesn’t encrypt anything either. You can’t pay to get the decryption key and restore access to your files. Even if you try to pay, you’ll simply get an error message. But what’s clear is that your files are going to be deleted no matter what.
The messages these hackers present on screen come from web addresses traced to a server hosted in California and are retrieved “through an unprotected, unencrypted, unobfuscated” HTTP request.
The malware was discovered on a small number of computers, and it’s not clear how these computers were infected. Usually, ransomware is delivered via phishing attacks, but Ranscam isn’t widespread enough to determine how it’s being delivered.
Researchers tried to reach the amateur creators of the program, but the hackers just sent back an email explaining how an affected customer can buy and transfer Bitcoin.
If you’ve been affected by this silly, yet very dangerous Windows malware, you can still try to recover the deleted files using specialized software, or by enlisting the help of a company that can do it for you. If you perform regular backups of your hard drive, you should be fine.