A new ransomware variant was discovered in the past few weeks. This variant doesn’t encrypt your hard drive like traditional ransomware; instead, it displays a full-screen web application that prevents the user from accessing other applications or the operating system. Called Ransoc because of its connections to social media, the malware searches for illegal files on the system and scrapes social media information from the user's profiles. The social media accounts include Facebook, LinkedIn and Skype. Ransoc also prevents the user from killing the malware through regedit, msconfig or Task Manager, as it resets and checks every 100s. Depending on what illegal content is found (it searches the system for child pornography, media files downloaded through torrents, etc.), the ransomware displays a fake legal notice in full-screen view (similar to a browser locker) threatening to expose the user if they don’t pay. Normally the payment is made using bitcoins, but in this case credit cards are even accepted. This gutsy approach reflects confidence that the user will not contact the authorities, to minimize the risk of being exposed.
http://www.sectechno.com/ransoc-malware-that-uses-social-networks-for-a-customized-attack/
https://www.proofpoint.com/uk/threat-insight/post/ransoc-desktop-locking-ransomware-ransacks-local-files-social-media-profiles
Roberto Nogueda says
Hello Jimmy- this is a great article and also alarming and scary.
There are some smarts to it and the type of approach used to present the ransomware; however, this can be used as an example of sophistication and elegance to hack.
Thank you for sharing.
Roberto.
Jason A Lindsley says
Unfortunately, I think we are going to start seeing a lot more of this. Leaks of user information for sites such as Ashley Madison have shown how damaging a user's browsing history can be. If attackers start to actually expose this type of information via channels such as social media, we may actually see more people paying the ransom (and changing their online behaviors).