Lazy but sneaky cybercrooks are slinging a new ransomware variant that falsely claims to have encrypted files when in reality it has deleted them.
Ranscam tricks victims by falsely claiming that files have been moved onto a hidden, encrypted partition.
In reality, the malware has deleted files and comprehensively messed with system settings (removing executables associated with System Restore, deleting shadow copies, hobbling Safe Mode, etc.) such that it is difficult or impossible to recover from an infection.
Victims are encouraged to pay a 0.2 BTC ($125) ransom, but the crooks have no mechanism to restore compromised files. The attackers provided the same wallet address for all payments and for all samples identified by Cisco’s Talos security division.