Ransoc, simplified ransomware

November 16, 2016 By teksquisite

[Image: Ransoc no fire ransomware]

Proofpoint recently discovered a new ransomware variant dubbed Ransoc, which is distributed through malvertising campaigns on adult web sites. If you do not go to adult sites, you should be safe from this threat. If you do go to adult websites and encounter this new variant, and you are comfortable with the Windows registry, it’s easy to remove.

No encryption used

Ransoc scrapes torrents, instant messaging clients, Skype and social media profiles (Facebook, LinkedIn) for potentially sensitive user information. Though this new variant does not encrypt user files, it threatens victims with a fake legal warning, customized per victim based on the data found on the computer, if the victim refuses to pay the ransom.

ZDNet says “. . . because it focuses on exploiting this fear, Ransoc doesn’t encrypt the victims’ files in the same way as ransomware like Locky does, but rather makes its demands via the desktop or browser after infecting the system through malvertising traffic aimed at Internet Explorer on Windows and Safari on OS X.”

The twist with this ransomware—no Bitcoin needed—victims can pay up with a credit card!

Proofpoint explains at their Threat Insight blog:

By incorporating data from social media accounts and Skype profiles Ransoc creates a coercive, socially engineered ransom note to convince its targets that they are in danger of prosecution for their browsing habits and the contents of their hard drives. With bold approaches to collecting payments, the threat actors appear confident in their targeting, introducing new levels of sophistication to ransomware distribution and monetization.

Ransoc removal

Bleeping Computer advises the victim to simply reboot the computer into safe mode and locate this Windows registry key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\JavaErrorHandler

Next, inspect the value of that registry key to determine where the malware executable is hiding, then delete both the file and the registry key.
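As an added example (my script, not code from the post, Bleeping Computer or Proofpoint), the PowerShell below automates the check just described: it reads the JavaErrorHandler value under the HKCU Run key, resolves the executable it points to, records its size and SHA256 for your incident notes, and deletes the file and the Run value only when run with the script's own -Remove switch (cmdlet names are standard PowerShell; -Remove is an assumption of this script).

```powershell
# Added example: check and clean the Run value the post names.
# Run in safe mode as the affected user; without -Remove it only reports.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove
)

$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'JavaErrorHandler'   # value name cited in the post

$item = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if (-not $item) {
    Write-Output "No '$valueName' value under $runKey; nothing to clean."
    return
}

$command = [string]$item.$valueName
Write-Output "Run value '$valueName' = $command"

# Run values may be quoted and carry arguments; keep only the executable path.
if ($command -match '^\s*"([^"]+)"') {
    $exePath = $Matches[1]
} else {
    $exePath = ($command -split '\s+')[0]
}
$exePath = [Environment]::ExpandEnvironmentVariables($exePath)

if (Test-Path -LiteralPath $exePath) {
    $file = Get-Item -LiteralPath $exePath
    Write-Output ("Executable: {0} ({1} bytes, modified {2})" -f $file.FullName, $file.Length, $file.LastWriteTime)
    # Record the hash before deleting so the indicator survives for your notes.
    Write-Output ("SHA256: " + (Get-FileHash -LiteralPath $exePath -Algorithm SHA256).Hash)
} else {
    Write-Output "Executable path '$exePath' not found on disk (already removed or hidden elsewhere)."
}

if ($Remove) {
    if ((Test-Path -LiteralPath $exePath) -and $PSCmdlet.ShouldProcess($exePath, 'Delete file')) {
        Remove-Item -LiteralPath $exePath -Force
    }
    if ($PSCmdlet.ShouldProcess("$runKey\$valueName", 'Delete Run value')) {
        Remove-ItemProperty -Path $runKey -Name $valueName
    }
} else {
    Write-Output "Re-run with -Remove to delete the file and the Run value."
}
```

Because the script supports -WhatIf, `.\clean-ransoc.ps1 -Remove -WhatIf` shows what would be deleted without touching anything.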

Though this is not hardcore ransomware, it can generate plenty of fear for less tech-savvy users.

Source: Proofpoint



Filed Under: TekSec Bytes, Updates

Copyright © 2023 · Teksquisite Security LLC