You know the Ransomware that encrypts the victim's files and extorts a ransom. However, the researchers ασφαλείας της Symantec, διαπίστωσαν ότι οι προγραμματιστές του κακόβουλου λογισμικού περνάνε μάλλον μια κρίση συνείδησης.
With the emergence of CryptoLocker, the infamous ransomware that encrypts victim's files, many Internet users have realized that if their computers get infected, it's very likely they will never see their files again.
Symantec security researchers discovered a version of Trojan.Ransomscript which appears to be developed by malicious users who are good people at heart. But deep down.
After encrypting the files the malware loads on the computer ένα επιπλέον αρχείο με την extension (.OMG). Readme.OMG a text document containing instructions on how victims can recover their data held hostage by the malware that has encrypted it. So after the note explaining how the ransom will be delivered, there is a paragraph that states the following:
“Υ.Γ. Remember, we are not scammers. (!) We do not need your files. If you want, you can get a decoder for free after a month. Just send a request immediately after the infection. All your files will be completely restored. As a guarantee you have - decrypted samples and positive comments from previous users. "
Thus, fraudsters hope they will only earn revenue from those who can not wait for a month to obtain their records.
From a technical point of view, Trojan.Ransomcrypt.G is similar to other ransomware. However, according to Symantec experts, unlike others, Ransomcrypt.G does not automate the delivery of encryption keys from the administration and control server and the victim's computer.