Nukeware: New malware deletes files and zaps system settings

Lazy but sneaky cybercrooks are slinging a new ransomware variant that falsely claims to have encrypted files when in reality it has deleted them. Ranscam tricks victims by falsely claiming that files have been moved onto a hidden, encrypted partition. In reality the malware has deleted files and comprehensively messed with …

  1. SImon Hobson Bronze badge

    The "can restore files from elsewhere" option should always be number 1 on the list. "I can pay the ransom" is only for those idiots who didn't have number 1 in place.

    1. Anonymous Coward

      those idiots will be many of your relatives then.

      1. theModge

        Only the ones too stubborn to heed good advice.

      2. Gene Cash Silver badge

        Confucious say

        "You don't convince family members to take periodic backups. Repeated, tragic data loss convinces family members to take periodic backups. Same as everyone else."

        1. DropBear

          Re: Confucious say

          "You don't convince family members to take periodic backups. Repeated, tragic data loss don't convince family members to take periodic backups. Repeated, tragic data loss convinces family members to pester you to make periodic backups for them. Same as everyone else."

        2. John Tserkezis

          Re: Confucious say

          "Repeated, tragic data loss convinces family members to take periodic backups."

          Sadly, for some of my relatives, even THAT won't convince them.

      3. Mark 85

        And, at least here in the States, various municipal departments such as police.

    2. tony72

      Unfortunately the kind of errors required to get infected with ransomware in the first place are likely to be made by the kind of people who also don't know enough to have backups.

      (He says, remembering the PC at home that still doesn't have a backup three months after installation.)

      1. a_yank_lurker

        Even with backups, this malware could be troublesome. How many leave the backup drive connected to the computer? Online backups are nice but are usually a subscription service and take time to upload all the data files and sync with the service. Not always a practical option for home users.

    3. asdf

      Backups in this case are actually effective (and of course should always be done for many other reasons). The problem with some of the other malware is they have gotten smart and gradually encrypt things over a long period of time so recovering from backups becomes a very laborious process if even possible.

      1. Ken Moorhouse Silver badge

        Re: Backups in this case are actually effective

        There are still a lot of things to consider. It is, for example, not a good idea leaving the backup device plugged in at the time that malware hits.

    4. Mark Simon

      The point is that, in this case, option 2 isn’t much of an option if the files cannot be recovered anyway.

      That just leaves option 1, which is not a bad strategy. Even without scumware, important data can be lost. Been there, done that, never again.

  2. Anonymous Coward

    I like this variant of Ransomware the most....

    It's the one that should be on users' minds, and it's the one that's most likely to kill off this otherwise lucrative extortion biz model...

  3. Anonymous Coward

    This is why...

    It really pays off to run your OS as non-administrator. I have to admit that it takes getting used to on Windows because depending on what you usually do it can mean more "admin prompts". But it's worth the effort!

    On my Win7 environment my account has no password (so it auto boots) but it also has no admin privileges. Good luck to any malware trying to remove system files: it won't succeed because my account has no write access at all in C:\Windows or any other system environment :P

    Windows updates work just fine, but only after I get an "admin prompt" (to elevate my rights) where I have to give the admin password.

    The bad news? It's too late for this. People are so used to having admin privileges on Windows that I don't think it's doable anymore to change that mindset. Nice going Microsoft :)

    1. Paul Crawford Silver badge

      Re: This is why...

      Not having admin rights should be the norm, but it only takes one of many privilege escalation bugs in ANY operating system to be back to having your machine toasted.

      Really the only sensible mitigation technique is a working, tested, backup system that is not a simple extension of the main PC's file system. Also works for lost or damaged PCs as well...

    2. DropBear

      Re: This is why...

      Also, not running as administrator might successfully save your OS (i.e. the part of the data on your computer you shouldn't give a flying fuck about considering it should always be ultimately restorable) but does nothing to protect your irreplaceable personal data (i.e. the part of the data to which you, as a user, no matter how unprivileged, NEED to have access for it to make any sense). The thing is, outside a few archive-friendly use cases, not having write access to your own data generally isn't a viable way of using a computer. Unless you only use it to browse and check email. In which case you're perfectly safe, you've got nothing to lose.

    3. Boris the Cockroach Silver badge

      Re: This is why...

      I installed Linux mint and no longer have this sort of problem :)

      <Smug mode: on>

      Actually I learned the hard way about backups and viruses the hard way which is why I went the way of the Linux long ago

      1. asdf

        Re: This is why...

        >Actually I learned the hard way about backups and viruses the hard way which is why I went the way of the Linux long ago

        And then you find yourself going a step further and doing the majority of your web browsing even on Linux Mint through an OpenBSD VM (regular user, firewalled, ssh X forwarding with security extensions on ftw) with tor and privoxy. Being this is my work laptop I am currently posting this through FF on a Solaris VM instead lol. Of course VM sandboxing is not the be all end all but I sure like setting it up for personal use.

        1. asdf

          Re: This is why...

          Will say though if I had to pick the two most secure functional desktops I would pick probably either Qubes OS or Trusted Solaris properly locked down. Of course both are worthless for gaming so you make compromises.

      2. Paul Crawford Silver badge

        Re: Linux mint and no longer have this sort of problem

        For now.

        You see, if you can run arbitrary software on ANY platform, then you can encrypt your own files (as pointed out above).

        Sure it is less likely on Linux and one reason I migrated, but if you are properly paranoid about this then you will (A) have an isolated backup anyway as that covers hardware failures and "gross administrative misconduct", and (B) set user-writable areas to non-execute so you can't accidentally run something unpacked from an archive (because you were drunk and it promised good pr0n).

        1. asdf

          Re: Linux mint and no longer have this sort of problem

          >unpacked from an archive (because you were drunk and it promised good pr0n).

          That tends to be more of an Android problem than Linux lol.

          >You see, if you can run arbitrary software on ANY platform, then you can encrypt your own files

          IMHO your main web browser should not even have access to a file system containing your personal files except through perhaps a shitload of 0 days and/or VM/sandboxing busting. Yes it's good to encrypt anyway as disk wiping (short of physical destruction) is not always a sure thing on decommission and yes on Unix apps like gpg make it trivial (actually fairly trivial to encrypt your entire home directory and swap on most *nix). Backups are a must regardless because generally on *nix malware is less of an enemy than yourself.

          1. Paul Crawford Silver badge

            Re: @asdf

            "your main web browser should not even have access to a file system containing your personal files"

            Except for everyone needing to upload and download email attachments if using web-mail, PDF data sheets, photos up to FB (for the vain and/or with family who pester them enough to bend over for a Zucking), etc?

            Of course if you are properly paranoid you will already have an AppArmor profile for Firefox set to only allow read-only access to specific directories (e.g. 'photos') and only read/write to a sane place or two like 'downloads'.
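Added example, not from the thread or from any distribution's shipped profile: an AppArmor profile fragment for Firefox of the kind described above, giving read-only access to a 'Photos' directory and read/write only to 'Downloads'. The profile path, directory names and abstraction includes are assumptions to check against your own system, and the rules for the binary, X11, D-Bus and audio that a working profile also needs are left to the distribution's profile.

```apparmor
# Illustrative fragment, assumed to live at /etc/apparmor.d/usr.bin.firefox.
# Abstraction names are assumptions: verify them under
# /etc/apparmor.d/abstractions before loading.
#include <tunables/global>

/usr/bin/firefox {
  #include <abstractions/base>
  #include <abstractions/fonts>
  #include <abstractions/nameservice>
  #include <abstractions/ssl_certs>
  #include <abstractions/user-tmp>

  # Firefox's own state (profile, cache) must stay writable or it will not start.
  owner @{HOME}/.mozilla/           rw,
  owner @{HOME}/.mozilla/**         rwk,
  owner @{HOME}/.cache/mozilla/**   rwk,

  # The one place the browser may write user data: saved downloads and
  # web-mail attachments.
  owner @{HOME}/Downloads/          rw,
  owner @{HOME}/Downloads/**        rw,

  # Read-only, so photos can be uploaded but never altered or deleted.
  owner @{HOME}/Photos/             r,
  owner @{HOME}/Photos/**           r,

  # Nothing else in $HOME is reachable. No allow rule covers it, and these
  # explicit denials also survive a later over-broad "owner @{HOME}/** r"
  # being added by mistake, because deny rules win regardless of order.
  deny @{HOME}/Documents/**         rwkl,
  deny @{HOME}/.ssh/**              rwkl,
  deny @{HOME}/.gnupg/**            rwkl,

  # Nothing dropped into Downloads may be executed from the browser.
  deny @{HOME}/Downloads/**         x,
}
```

Load it with `sudo apparmor_parser -r /etc/apparmor.d/usr.bin.firefox`, and run it in complain mode first (`sudo aa-complain /etc/apparmor.d/usr.bin.firefox`) so that any path the browser still needs shows up in the audit log as a denial rather than a broken session.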

      3. Anonymous Coward

        Re: This is why...

        I didn't install Linux, and;

        - My woman left me for a life in the circus

        - My truck broke down and left me stranded

        - My dog lost his nose...how does he smell? - terrible.

        Etc.

        And about this rash...

  4. JulieM Silver badge

    This could get interesting

    If this Ranscam malware becomes widely distributed, and its irreversibility known about, that's going to put a crimp in things for the real ransomware criminals. After all, why should you bother paying the ransom, if your files might not be recoverable even if you do? So if you get hit with real ransomware, you just ignore and restore.

    This is creating a sort of brand dilution. And malware distributors generally aren't the sort of people who tend to settle these sorts of disputes in a Court of Law. Just sayin' .....
