A new ransomware, Ransoc, has hit the dark web. According to ZDNet, this ransomware executes quite differently than most. Ransomware, the malware that locks computers and files until a ransomware is paid, typically encrypts one’s most important files. Ransoc does not encrypt files. Prior to locking the PC, the variant searches the computer for illegally downloaded material. Once illegally downloaded materials are found, the ransomware locks your computer. After locking your PC, the cyber criminals exploit the fact that illegally downloaded materials are on your PC, stating you must pay a ransom via credit card, or the authorities will be notified.
But it get better. If the victims don’t download any more illegal materials in 180 days, they’ll be refunded their money. Or so the hackers say.
The good news is, the malware uses an auto-run registry key. Therefore, rebooting the PC in safe mode should allow for the ransomware to be removed.
To prevent future attacks, it is recommended you implement a security solution that utilizes application whitelisting technology. PC Matic uses an automated whitelist approach for home users. PC Matic Pro is also available for business use.
