Got a social media account? Most of you do, and well, you’re in for a treat. A newly discovered form of ransomware is out and about, scraping the contents of your social media presences to send you a demand that looks real enough to make you act (and comply).
Called “Ransoc,” aptly dubbed because it’s a ransom ploy on your social media presence, this browser locker malware uses social engineering to scare a victim sh*tless so that they pay up. If you’ve ever downloaded illegal files, particularly child pornography and media torrents, you have probably opened the door for this breed of ransomware to attack. Once active, it will serve up malvertising with monetary demands through Windows Explorer on Windows and Safari on a Mac.
What makes this particular strain of ransomware frightening is how it combines your social media presence with what it knows from the files you’ve downloaded to drive its message home. Ransoc will learn what it can about you and scare you into submission by using your likeness within these demands. It threatens to expose the evidence it has gathered from your computer to the public, with a specific target on you.
What is your reputation worth? Clearly a lot — you’re not willing to take that risk if you believe this to be true. You pay and hope it stops.
I can totally imagine what’s next: exposing your nude photos via a malvertising scheme and demanding a payment of $500 for them to go away. Oh no!
As Proofpoint, the security firm that discovered this browser locker malware, said:
By incorporating data from social media accounts and Skype profiles, Ransoc creates a coercive, socially engineered ransom note to convince its targets that they are in danger of prosecution for their browsing habits and the contents of their hard drives. With bold approaches to collecting payments, the threat actors appear confident in their targeting, introducing new levels of sophistication to ransomware distribution and monetization.
Indeed, scary as hell.
So, how do you get out of it? Well, for one, you could pay via credit card, the choice of exit for these particular hackers. In fact, that payment has a 180-day money-back guarantee. Yep, if you’re not caught again within 180 days, you’ll get your cash back, or so they promise. I also have a bridge to sell you…
Fortunately, though, unlike other ransomware out in the wild, this one is easy to uninstall. It’s tied to a registry autorun key, so if you boot in Safe Mode, you can turn it off and clean up shop.
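For the cleanup step above, here is an added example (not from Proofpoint or the original post) that lists the values under the standard Windows autorun registry keys so they can be reviewed from Safe Mode. The post does not name the entry Ransoc creates, so the script is not Ransoc-specific, and the "user-writable path" flag is a heuristic assumed here for illustration.

```powershell
# Added example: list autorun (Run/RunOnce) registry values for manual review.
# These are the standard Windows autorun key locations; the value Ransoc
# writes is not named in the article, so nothing below is Ransoc-specific.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Assumption (heuristic): commands started from user-writable directories
# deserve a closer look than ones under Program Files or System32.
$writablePattern = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'

$entries = foreach ($path in $runKeys) {
    if (-not (Test-Path -Path $path)) { continue }   # key absent on this system
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        # Read the stored string as-is, then expand %VARIABLES% for matching only.
        $raw      = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        $expanded = [Environment]::ExpandEnvironmentVariables($raw)
        [pscustomobject]@{
            Key          = $path
            Name         = $name
            Command      = $raw
            UserWritable = ($expanded -match $writablePattern)
        }
    }
}

# Flagged entries first; review each command before deciding to remove it.
$entries | Sort-Object -Property UserWritable -Descending |
    Format-Table -AutoSize -Wrap

# To delete an entry you have confirmed is unwanted (placeholders, fill in by hand):
# Remove-ItemProperty -Path '<key path from the table>' -Name '<value name>'
```

Entries under the HKLM keys need an elevated PowerShell session to remove; the HKCU keys belong to the logged-in user.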
Our takeaway: Don’t, um, download illegal files, mmkay?