A new type of ransomware variant, including Ranscam, is currently doing the rounds, although it has not yet spread widely. It may not be as sophisticated as some of the recent ones, but it can be very damaging nonetheless.
Ranscam behaves like the usual ransomware, flagging up a message to say that your files have been encrypted and that you must pay a ransom to get them back. This is in fact false, as it will already have deleted your files. As well as deleting the usual .docx, .txt and .pdf files, it comprehensively affects your system settings by removing executables associated with system restores, deleting shadow copies and hobbling safe mode, making it difficult or impossible to recover from the infection.
Victims are encouraged to pay a 0.2 BTC ($125) ransom to return the files, but in reality the attackers have no mechanism to restore them. In addition, the malware features a fake payment verification process that automatically returns notices of failure, in the hope that victims might make payment again.
Typically Ranscam comes in via email as an attachment, so be aware of any names you don’t recognise or emails from contacts that look suspicious. Check with the sender before opening if something doesn’t look right. If the worst happens and you do become infected, it is very important not to reboot your machine. As always, this highlights the importance of a complete backup and disaster plan as well as end-user education. We strongly suggest passing on this information to everyone in your business so they are on the lookout for anything suspicious in their inboxes, which could save your company from being at further risk.
If you need any further information or advice on your backup plan, please contact our support desk today on 01793 438886.