You know the Ransomware that encrypts the victim's files and extorts a ransom. However, Symantec security researchers found that the developers of the malicious software they are probably going through a crisis of conscience.
With the emergence of CryptoLocker, the infamous ransomware that encrypts victim's files, many Internet users have realized that if their computers get infected, it's very likely they will never see their files again.
Symantec security researchers have discovered a version of Trojan.Ransomscript that appears to be developed by malicious users who are basically good people. Very deep.
After encrypting the files the malicious program loads on the computer an additional file with the extension (.OMG). Readme.OMG a text document containing instructions on how victims can recover their data held hostage by the malware that has encrypted it. So after the note explaining how the ransom will be delivered, there is a paragraph that states the following:
“Υ.Γ. Remember, we are not scammers. (!) We do not need your files. If you want, you can get a decoder for free after a month. Just send a request immediately after the infection. All your files will be completely restored. As a guarantee you have - decrypted samples and positive comments from previous users. "
Thus, fraudsters hope they will only earn revenue from those who can not wait for a month to obtain their records.
From a technical point of view, Trojan.Ransomcrypt.G is similar to other ransomware. However, according to Symantec experts, unlike others, Ransomcrypt.G does not automate the delivery of encryption keys from the administration and control server and the victim's computer.