Ransoc – An unusual ransomware that threatens to expose your personal information

  • 194
    Shares
Ransoc_ransomware

Mostly a ransomware encrypts your files and demands money in exchange for a key that can decrypt the data. And the payment is demanded in Bitcoins. Ransoc is different in the way it works and the medium it uses for the payment.

How does Ransoc work?
Once your computer is infected by Ransoc, it gathers your personal information from your Skype and social media profiles and scans your system for Torrent files and other sensitive information. It then displays a ransom note. Interestingly, the ransom note is customized for a particular user and has their social media details including their profile picture. The ransom note threatens the victim with a fake legal proceeding and also that the ‘sensitive’ information found on their computer will be made public if the ransom is not paid.

Now, two important points to note here:

  1. Ransoc, unlike other ransomware, does not encrypt any files on the infected computer.
  2. Reportedly, the ransom note is displayed only in a case where the ‘sensitive’ information found by the ransomware includes child pornography or illegally downloaded Torrent media files.

So basically, the creators of this ransomware are targeting the victim’s fear of facing legal complications and losing their reputation instead of their data.

Further, where all ransomware creators use Bitcoin to remain hidden from law enforcement, Ransoc asks its victims to pay via credit card; this kind of payment approach has been unheard of in ransomware attacks till now.

How Quick Heal helps?

Quick Heal’s Virus Protection proactively detects the ransomware as “Ransomware.TorLocker.PB5” and prevents it from performing any activity on your computer.

qhts

How to stay safe from ransomware attacks

  • Never click on links or download attachments that arrive in emails from unwanted, unknown or unexpected sources.
  • Apply all recommended security updates (patches) to your Operating System, and programs like Adobe, Java, web browsers, etc.
  • Take regular backups of your files. Remember to disconnect the Internet when you are backing up on a hard drive. Unplug the drive before you go online again.
  • Avoid using outdated browser plugins or plugins that you do not use anymore.
  • Invest in an antivirus software that comes with several layers of security such as Web Security that blocks infected websites, Email Security that blocks infected emails, Phishing Protection that blocks fake websites, etc.
  • Always keep your antivirus software up-to-date to stay safe against new threats.

ACKNOWLEDGEMENT

Subject Matter Expert
– Anita Ladkat (Threat Research and Response Team)

Quick Heal Security Labs

Quick Heal Security Labs


75 Comments

Leave a Reply to AKASH Cancel reply

Your email address will not be published.

CAPTCHA Image

  1. Avatar Subhendu P ChakravartiNovember 29, 2016 at 1:01 PM

    My machine is affected by THOR ransomware in spite of the Quick Hill Total Security in place presently. The Quick Heal telling that those files are ‘Clean’. How the affected files be de-crypted?

    Reply
  2. Avatar singhalmayank97@gmail.comDecember 1, 2016 at 7:30 PM

    it is very very good

    Reply
  3. This was really helpful to know about Ransoc…
    as not purposely but as the advertisements pop ups on any site….i will be careful that time…..and will be having quickheal antivirus only…as i am having now….
    THANK YOU

    Reply
  4. This article is written in studious manner. It shows Quick Heal have well founded research team which works 24×7 to help customer to resolve their issues. This enhances customer’s confidence to buy such a good and updated ptoduct which will safegaurd their system.
    I have been using Quick Heal since last 2 year and I dont found any issue yet..I recommend Quick Heal .

    Reply
  5. Avatar Ram AmarnaniDecember 2, 2016 at 10:14 AM

    I bought this product of 3 years package. First year it worked, after completion of 1 year I am in great trouble. Every second day of update it goes out of security and every second day I have to update. Great trouble is that I have to try atleast 20 to 40 times for update then only it updates (for 1 or 2 days only). Though complained, no one cares. Therefore I suggest do not buy package of 3 years, there is cheating.
    This I am talking about my home computer, not this computer. In this computer also I have purchased 3 years package just few months ago, and I fear what will happen after 1 year.

    Reply
  6. Avatar satyam kumar pandeyDecember 2, 2016 at 1:50 PM

    VERY NICE

    Reply
  7. Avatar cscmanisundar@gmail.comDecember 2, 2016 at 3:00 PM

    I am using Quick Heal Internet Security for the past several years. I am fully protected. Internet browsing never posed any problems so far. I am happy with QH antivirus. My best compliments to QH team.
    CSC Manisundar

    Reply
  8. Avatar Ansumay DattaDecember 2, 2016 at 4:40 PM

    Very helpful.

    Reply
  9. good choice sequrity

    Reply
  10. Avatar Karan KalsurDecember 3, 2016 at 9:10 AM

    my pc has also affected by ransoc inspite of quickheal

    Reply
  11. Ram Amarnani • December 2, 2016 at 10:14 AM

    I bought this product of 3 years package. First year it worked, after completion of 1 year I am in great trouble. Every second day of update it goes out of security and every second day I have to update. Great trouble is that I have to try atleast 20 to 40 times for update then only it updates (for 1 or 2 days only). Though complained, no one cares. Therefore I suggest do not buy package of 3 years, there is cheating.
    This I am talking about my home computer, not this computer. In this computer also I have purchased 3 years package just few months ago, and I fear what will happen after 1 year

    Reply
  12. Avatar yash wardhan singhDecember 4, 2016 at 12:16 AM

    pls don’t public my files keep it safe

    Reply
  13. Avatar dharma loharDecember 4, 2016 at 3:12 AM

    It’s very helpful app.

    Reply
  14. Avatar Shrikant PathakDecember 4, 2016 at 11:18 AM

    As Your Quick Heal service is taking care, We are fearless . of Virus & Hacking,

    Reply
  15. Avatar ATINDRA NATH BAGCHIDecember 4, 2016 at 2:41 PM

    1) Its Good
    2)Works Faster
    3)Its a true ANTIVIRUS
    4)Protects Everything of Everyone
    5)Never betrays its MasTER

    Reply
  16. Avatar Dr ATINDRA NATH BAGCHIDecember 4, 2016 at 3:41 PM

    1) RECENLY I WAS GIFTED WITH A QUICK HEAL ANTI VIRUS, BUT UNFORTUNATY MY PC IS VIRUS AFFECTED.
    2) PLEASE RECTIFY THE LOOP HOLES, SO THAT I REMAIN TENTION FREE & MY PC REMAIN UNAFFECTED

    Reply
  17. Avatar bharat sharmaDecember 4, 2016 at 5:20 PM

    The Quick Heal telling that those files are ‘Clean’. How the affected files

    Reply
  18. Avatar Waseem AnsariDecember 5, 2016 at 4:32 PM

    Hi, whenever I am connecting my pc to internet, a page is opening and showing that update details to quick heal, so this page is opening by quick heal or by any hacker?

    Reply
  19. good quick heal antivirus

    Reply
  20. Very good activities and good working now

    Reply
  21. I am using Guardian antivirus for the last two years.it provides the best protection to my computer.I do not hesitate to recommend it for every one.

    Reply
  22. Avatar gunglitagang@gmail.comDecember 6, 2016 at 6:59 PM

    It is seen thatvirus ransomware affected my PC but the Quick heal cannot cannot clean it.

    Reply
  23. We really like this application, on this note, I wish to upgrade quick heal application on my computer.

    Reply
  24. Avatar SUJIT BHATTACHARYADecember 7, 2016 at 12:10 PM

    My product key is FQ0143Y14400628E628A ,Validity stands till 2019 , but unable to update security since 23rd Nov, I tried it 20 to 30 times ,Its a great problem . toll free number 18001217377 nobody receiving for customer support, online chatting also their staffs disconnecting before solving the problem . Should I switch over to other sequrity service .

    Reply
    • Rajiv Singha Rajiv SinghaDecember 30, 2016 at 4:25 PM

      Hi Sujit,

      Thanks for writing in. We have shared your concern with our team; they will get in touch with you to help you out.

      Regards,

      Reply
  25. Avatar Dheeraj Kumar guptaDecember 7, 2016 at 10:26 PM

    Device can’t be upgraded

    Reply
  26. Avatar dipak phartadeDecember 8, 2016 at 2:38 PM

    today my account hake time for11.30AM .12800 maney can be tansfer. sir please help me.

    Reply
  27. Avatar ghanshyam kumarDecember 8, 2016 at 9:04 PM

    thanks

    Reply
  28. Avatar Amit sharmaDecember 8, 2016 at 9:43 PM

    Help me please

    Reply
  29. Avatar snjoy nandanDecember 8, 2016 at 9:49 PM

    good

    Reply
  30. GOOD

    Reply
  31. Avatar kishan shahDecember 9, 2016 at 8:49 AM

    My mobile is badly affected due to “Ransom ware.TorLocker.PB5” please solve this problems

    Reply
  32. Avatar SP.SUBRAMANIAN.December 9, 2016 at 3:33 PM

    Dear Sir (s)
    On 03-10-2016 I have renewed for one year for the Guardian Net Secure. Reference VINQUICK HEAL/2016100318590000 for rs.499/- The Product Key no is 5Q8288WF1F3770A25510.

    Kindly look into this matter and do the needful immediately.
    Daily I am getting intimation from you, for the renewal. DO THE NEEDFUL IMMEDIATELY.

    Reply
  33. I love quick hall

    Reply
  34. Avatar Gaurav barotDecember 9, 2016 at 4:56 PM

    Nice

    Reply
  35. QUICK HEAL Antivirus pRO

    Reply
  36. HELPFUL

    Reply
  37. Avatar Nayeem IshratDecember 10, 2016 at 9:47 PM

    when ever I start up laptop explorer.exe comes many I had updated quick heal total but still it comes quick heal is not giving proper service

    Reply
  38. Avatar bishansingh75@yaho.inDecember 11, 2016 at 5:37 PM

    I like

    Reply
  39. very nice

    Reply
  40. north of taramandal mandiri main road,patna-800001(bihar)

    Reply
  41. This is the best app to remove viruses from our phone

    Reply
  42. Avatar aakash chaudhariDecember 14, 2016 at 2:13 PM

    Awesome this app, I like it quick heal

    Reply
  43. Avatar krishanu paulDecember 14, 2016 at 6:30 PM

    in your pc which oe is virus or quick heal

    Reply
  44. Avatar Chandan kumarDecember 14, 2016 at 8:29 PM

    I don’t know about can this antvirius perform do well but it’s performing satisfy them
    One question what can it protect them?

    Reply
  45. Avatar subrat kumar parichhaDecember 15, 2016 at 12:54 AM

    parichha

    Reply
  46. Avatar Mukesh singhDecember 15, 2016 at 8:58 AM

    Hello sir. Thanks for suggestion please suggest me how to stop attometick downlord apps ex game apps atotometick download in my divece plz protect my device lava x11

    Reply
  47. Thank you for information and protecting my computer.

    Vaidya

    Reply
  48. THANKS GUADIAN

    Reply
  49. Avatar BHARAT TRIVEDIDecember 16, 2016 at 11:48 AM

    I AM GLAD MY COMPUTER & LAPTOP ARE “QUICK HEAL” … PROTECTED

    Reply
  50. How can i com to know that my computer is affected by that virus?is it possible to know who want to do this ?Is my device is protected from that virus?

    Reply
  51. I am interested

    Reply
  52. How do I know if I my phone is safe? I have got absolutely no idea. Please, keep my phone safe.

    Reply
  53. Nice ……& service…

    Reply
  54. I have already visited your office but no one has no solution for this attack and recovery plan instead valuable and super brilliant technical QH staff is well trained to threaten users and blame them how they are responsible for their loss of data and further for which QH have no recovery plan at all,
    Even i am punctual in updating the antivirus software and use the legal purchased copy,
    But QH is nothing but just dumped trash software which is acquiring my hard-disk space as of now I feel.
    And I had to feel this because your engineering team worked so well, hard and made me convinced to believe that it is useless talking and expecting any recovery of my data which is as old as 2009,
    And I just want you mention here specially that I am purchasing legal copy of QH from 2009 onwards till now,
    And this is the high time for not only me but to all other QH users to really re-think on continuing the use of QH and and move on to any other capable antivirus net protection software.
    Thanks and Regards,
    Prashant
    +91-7028903322

    Reply