Ransomware isn’t a laughing matter, especially if you’re the victim.
Even if you don’t lose any data in the attack, it’s a bit like getting mugged by crooks who end up running off without your wallet.
But we couldn’t help cracking a bit of a smile at this one, blocked by Sophos products as Troj/Ransom-DJC:
If you click [Submit] without paying, the window at the bottom left of the “pay page” changes like this:
We have no idea what happens if you do pay up, as we didn’t try.
Our important document files certainly disappeared from view when the ransomware triggered:
The crooks, we can only assume, are hoping that the threat of deleting your scrambled-and-hidden files one by one is enough to persuade you to pay up.
There’s also the attractive fact that this ransomware is cheaper than usual, a snip at BTC 0.2 (about $130) instead of the usual $300-$600 price point.
There’s a good reason for the heavy discount, however.
This is a new sort of cryptoransomware that we’re dubbing “boneidleware.”
Your files aren’t encrypted at all; they’re simply hidden with extreme prejudice: deleted, erased, gone for good, removed, zapped, trashed, nuked, fried, /dev/nulled, placed in File 13…
…so there’s no point in paying up at all.
We can’t imagine that the rest of the ransomware underground is very happy about this one.
Since CryptoLocker burst on the scene in late 2012, ransomware crooks have built up something of a reputation for “honour amongst thieves,” because paying up usually does get your data back.
The developers of this boneidleware are undermining all of that.
And that’s why we made an exception, and cracked a bit of a smile at this one.
What to do?
We regularly offer advice on preventing (and recovering from) attacks by ransomware and other nasties.
Here are some links we think you’ll find useful:
- To defend against ransomware in general, see our article How to stay protected against ransomware.
- To protect against misleading filenames, tell Explorer to show file extensions.
- To protect against VBA malware, tell Office not to allow macros in documents from the internet.
- To learn more about ransomware, listen to our Techknow podcast.