November 11, 2016
Ransomware is today’s most hated computer virus. However, the destructiveness of each ransomware depends on its roots. Is it part of an active, highly successful ransomware family periodically releasing new versions? Or is it one of those oddly “shaped” viruses that could make you laugh (if it weren’t for the file encryption)?
We have been observing various ransomware viruses, and we can definitely say that some of them appear more… professional than others. The list you are about to encounter has gathered some of the less adept ransomware cases. How are they different than Locky and Cerber? It appears that these pieces were all “coined” by non-professional cyber criminals via the ransomware-as-a-service model. Just a look at their ransom notes is enough for you to determine the level of greatness of their creators.
Let’s not forget that malware-as-a-service has helped many willing souls turn to the Dark Side… or, more precisely, the Dark Web. Po-tay-to po-tah-to.
Enough with the introduction! Here are some of the funnier ransomware cases we have come across during our daily malware researches.
Hollycrypt Ransomware Demands Vodka
Hollycrypt is yet another cryptovirus based on the HiddenTear open source project. Each encrypted file will have the extension .Hollycrypt appended to it. It uses the AES encryption algorithm and demands Bitcoins or Vodka as payment:
This is the Hitler-Ransonware!
Some ransomware were obviously coined by a) non-professional cyber crooks and b) non-English speakers with English as bad as the language skills of a Russian F-grader. The ransomware was still in development when it was uncovered by security researchers at AVG. Nonetheless, the ransomware was still able to encrypt and even delete the compromised files. It could also cause a BSOD and lock the screen displaying an 1-hour deadline for the ransom to be paid. Most interestingly, the virus aimed to get users to purchase a Vodafone card for 25 Euros and add its code in a text box. And it also
displayed some quite poor English! Even ransomware is misspelled, as evident by the ransom note:
Decryptor Files Are Available at the Post Office!
A variant of the Troldesh/Shade ransomware family, dubbed Drugvokrug727 was spotted recently. The wallpaper placed on a compromised computer features a digital sketch of the main character from the movie “The Big Lebowski” – the Dude.
It may be a coincidence but this ransomware could really be called a “dude” as it didn’t specify a payment for its decryption key, and it also didn’t urge victims with a payment timeframe. Plus, Drugvokrug727 has already been decrypted by researchers!
Smash! Ransomware Wants to Stab Your Files
The ransomware wants to be something it really isn’t – a deadly crypto virus that successfully encrypts files and is persistent to decryption. Instead, Smash! Ransomware is only capable of blocking access to various Windows processes and apps. Even though the ransom note screams violence and aggression, all it really turns out to be is… much ado about nothing.
A vivid example of a poorly drawn ransomware:
This Ransomware Is the Grandpa You Wish You Never Had!
DedCryptor appends the .ded file extension to encrypted files. If you didn’t know, ded means grandpa in Russian. Once the victim’s files are encrypted, DedCryptor would change the wallpaper with a message that features a vulgar and demonized photo of Santa Claus, making it all seem like a joke. Apparently, DEDCryptor is no joke as it demands 2 Bitcoin which amounts to 700 USD.
Researchers believe that the ransomware may be a variant of the EDA2 open-source ransomware, suggesting the virus could have been posted for sale on deep web markets, thus generating more profit for the master minds of the operation.
Joke or No Joke, You Should Be Protected against All Ransomware
Plenty of people across the Internet have been victimized by ransomware.
A ransomware or any other malware attack should have an educational purpose, if nothing else. A successful attack should increase the user’s paranoia and should also make them a tad more careful with online activities of all types. The importance of regular data backups and appropriate data hygiene is bigger than ever. There is no joke here.
If you’re reading these lines because you were attacked by any of the above-mentioned ransomware viruses, have a look at the steps provided below. And remember the phrase:
| “Fool me once, shame on you, fool me twice, shame on me!”
Manually delete Any Ransomware Virus from your computer
News Courtesy : http://sensorstechforum.com/ludicrous-ransomware-2016/