You know how it goes: you’re browsing the web, or checking an email, when all of a sudden a message pops up. Your computer, and the data on it, is locked—encrypted by ransomware. Access is denied until you pay the ransom.
Most people know the procedure with ransomware, which is why the criminal coders behind it are finding new and inventive ways to make you pay up. Here are some new types of ransomware that you should be aware of.
1. Talking Ransomware
If your computer is infected with the Cerber ransomware (typically via an email attachment posing as a Microsoft Office document), your data will be encrypted, with each file given a new file extension: .cerber.
Note: Unless you’re in Russia or the Ukraine, or other former USSR nations, such as Armenia, Azerbaijan, Belarus, Georgia, Kyrgyzstan, Kazakhstan, Moldova, Turkmenistan, Tajikistan, or Uzbekistan. If you are situated in these locations, the Cerber ransomware will deactivate.
You’ll know that you’re infected by Cerber as a notice will appear on your desktop. Furthermore, instructions on how to pay will be found in every folder, in TXT, and HTML format. You’ll also find a VBS file (Visual Basic Script) which, when opened, will dictate instructions to you. That’s right: this ransomware talks you through how to pay the ransom and decrypt your data.
2. Play Our Game… Or Else
In April 2018, we saw the PUBG Ransomware which took a different approach to holding your computer to ransom. Rather than demand money for your locked files, the coder behind this odd piece of malware gives you a choice:
- Play the videogame PlayerUnknown’s Battlegrounds (available for $29.99 on Steam).
- Just paste this code we’ve provided on-screen for you, you’re good.
It is, in effect, unmalware. Although potentially annoying, and appearing to be actual ransomware, the PUBG Ransomware appears to be nothing more than an elaborate promotional tool, no doubt conceived to gain a few column inches for PlayerUnknown’s Battlegrounds.
Doesn’t seem so bad, does it? Well, apart from the fact that it certainly does encrypt your files, and rename the file extensions (to .pubg). In short, if you found yourself torn between pasting some code and buying a three-star PvP shooter, you should probably take action. If this was real ransomware, you’d be paying out at least ten times the amount.
Unfortunately, this is one of the only types of ransomware that’s this easy to defeat.
3. I’ll Delete One File at a Time
Jigsaw deletes your files, one by one.
As if it wasn’t bad enough having all your data locked in an unknown state of existence, the Jigsaw ransomware takes the scam further. Originally known as “BitcoinBlackmailer,” this ransomware gained a new name thanks to the appearance of Billy the Puppet, as seen in the Saw “torture porn” movie series.
First spotted in April 2016, Jigsaw spread through spam emails and infected attachments. When activated, Jigsaw locks the user’s data and the system Master Boot Record (MBR), then displays the attached message.
This is essentially a threat: if the ransom isn’t paid (by Bitcoin) within an hour, a file will be deleted from your computer. For every hour you delay, the number of files that are deleted increases, considerably reducing your odds in this encryption lottery. Oh, and rebooting, or attempting to terminate the process (Jigsaw poses as the Mozilla Firefox browser, or Dropbox in the Windows task manager) results in 1000 files being deleted.
One last thing: later versions of Jigsaw threatens to dox the victim if they don’t pay up. By incentivizing the victim through menaces, this type of ransomware has changed the malware game.
4. Oh, You Paid Already? Tough
We’re familiar with how ransomware works. You get infected with malware that encrypts your vital data (or entire computer), then forces you to pay a ransom to unlock. Your files are then back in your hands via a decryption key. Right?
Usually, but not with Ranscam.
Just when you thought everything was straightforward with ransomware comes an example that just takes the money and runs. Oh, and they don’t even bother to encrypt your data as part of the pretense—your data is deleted.
While most ransomware scams are clearly written by experts, some doubt has been cast over the proficiency of the hand behind Ranscam. Less sophisticated than other types of ransomware, Ranscam is nevertheless effective. The more notorious Petya ransomware strain was also known to obliterate data, rather than return access to the user.
5. Yes, We Locked Your TV
In June 2016 it was discovered that the FLocker ransomware (ANDROIDOS_FLOCKER.A) that had previously hit Android phones and tablets, had evolved. Android-powered Smart TVs were added to its list of targets.
You may have already heard of FLocker, even if you don’t know its name. It’s one of the ransomware types that displays a “law enforcement” warning, informing you that illegal material has been viewed on your system. It’s also targeted at Western Europe and North American users; in fact, anyone who isn’t in Russia, Ukraine, or any of the other former USSR nations.
Payment is demanded via iTunes vouchers (often the target of scammers), and once received, control of your Android phone or TV is returned to you.
6. We Really Locked Your Data, Honest!
Amazingly (or perhaps not, when you think about it) there are ransomware strains that don’t actually do anything at all. Not in the same way as PUBG Ransomware; no, these examples are simply fake popups, claiming to have control of your computer.
This type of ransomware is easy to deal with, but the power of the concept is enough for these examples to be profitable. Victims pay up, completely unaware that they had no need to do so. Their data was not encrypted.
Such ransomware attacks typically come as a browser window popup. It appears that you cannot close the window, and that any message to the effect of “your files are encrypted; pay $300 in Bitcoin” is the only solution.
If you want to check if the ransomware you’ve been hit by is genuine, and not a cheap(er) scam, try closing the window. In Windows, use Alt + F4. It’s Cmd + W on Mac. If the window closes, update your anti-virus software immediately and scan your PC.
7. Ransomware in Disguise
Finally, it’s worth looking at some of the ways ransomware can deceive through appearance. You already know that fake email attachments are used to deliver ransomware to computers. In this situation, attachments appear as legitimate DOC files, sent with spam emails claiming that you owe money; the attachment is the invoice. Once download, your system is compromised.
Other disguises are used, however. For instance, the DetoxCrypto ransomware (Ransom.DetoxCrypto) claims to be the popular Malwarebytes Anti-Malware software, albeit with a slight name change (“Malwerbyte”). Then there’s the Cryptolocker variant (CTB-Locker) that pretends to be a Windows Update.
Thought you’d seen it all from ransomware? Think again! Scammers will stop at nothing to grab the contents of your wallet, and they’re coming up with new types of ransomware all the time.
If you’re concerned about being held to ransom, see our guide for steps on defending yourself against ransomware. Too late? Perhaps one of these tools can be used to break the ransomware encryption for you.