Ransomware typically encrypts your files and demands money in exchange for a key that can decrypt the data, and the payment is demanded in Bitcoin. Ransoc differs both in the way it works and in the medium it uses for payment.
How does Ransoc work?
Once your computer is infected by Ransoc, it gathers your personal information from your Skype and social media profiles and scans your system for Torrent files and other sensitive information. It then displays a ransom note. Interestingly, the ransom note is customized for the particular user and includes their social media details, including their profile picture. The note threatens the victim with a fake legal proceeding and warns that the ‘sensitive’ information found on their computer will be made public if the ransom is not paid.
Now, two important points to note here:
- Ransoc, unlike other ransomware, does not encrypt any files on the infected computer.
- Reportedly, the ransom note is displayed only when the ‘sensitive’ information found by the ransomware includes child pornography or illegally downloaded Torrent media files.
So basically, the creators of this ransomware are targeting the victim’s fear of facing legal complications and losing their reputation, rather than the fear of losing their data.
Further, whereas all other ransomware creators use Bitcoin to remain hidden from law enforcement, Ransoc asks its victims to pay via credit card; this kind of payment approach has been unheard of in ransomware attacks until now.
How does Quick Heal help?
Quick Heal’s Virus Protection proactively detects the ransomware as “Ransomware.TorLocker.PB5” and prevents it from performing any activity on your computer.
How to stay safe from ransomware attacks
- Never click on links or download attachments that arrive in emails from unwanted, unknown or unexpected sources.
- Apply all recommended security updates (patches) to your operating system and to programs like Adobe, Java, web browsers, etc.
- Take regular backups of your files. Remember to disconnect from the Internet when you are backing up to a hard drive. Unplug the drive before you go online again.
- Avoid using outdated browser plugins or plugins that you do not use anymore.
- Invest in antivirus software that comes with several layers of security, such as Web Security that blocks infected websites, Email Security that blocks infected emails, Phishing Protection that blocks fake websites, etc.
- Always keep your antivirus software up-to-date to stay safe against new threats.
Subject Matter Expert
– Anita Ladkat (Threat Research and Response Team)