New Ransomware Uses Info from Your Social Media Accounts to Trick You

New Ransomware Uses Info from Your Social Media Accounts to Trick You

It’s not news that cybercrime is cruel, but this case is just plain evil.

Ransoc is a recently discovered form of ransomware that infiltrates your PC and scrapes personal data from your social media accounts and local computer files. Once your personal data is acquired, cybercriminals craft a personalized demand for money that threatens legal action if not paid.

Ransoc uses an alarming combination of data breaches and social engineering to trick its victims. You’ll need to be on your toes to avoid it.

How Ransoc Functions

According to Danny Palmer from ZDNet, Ransoc isn’t the first ransomware to use social engineering to dupe victims. Virlock, which saw some activity back in September, threatened victims with anti-piracy warnings from the FBI. What makes Ransoc unique by comparison is the level of personalization in the fake demands, making them appear far more credible.

Ransoc infects your computer through malvertising traffic aimed at Internet Explorer on Windows and Safari on OSX. Unlike most ransomware, it doesn’t encrypt your computer files; instead, it locks your computer and splashes a demand across your screen. To those well-versed in cybersecurity, the technique may come across as dated, but Ransoc is doing more underneath the surface.

Once your computer is infected, Ransoc searches through your hard drive and social media accounts for any data that can be used against you. The data that is recovered is then used to produce a ransom note with images from your Facebook and LinkedIn accounts. Creepy. The ransom note is written as if it’s from a legitimate source threating legal action.

ransoc-5.png
Photo courtsey of Proofpoint

To further trick you, there is a variant of Ransoc that only produces a ransom note if you actually do have illegal media files on your computer. For example, movie and music torrent downloads would trigger the Ransoc variant. From there, you would be threatened with a public court case if you don’t pay the ransom. The true villainy here is that Ransoc is threatening to destroy the reputation of its victims for money, which is a scary road for cybercrime to go down. 

Ransoc requests payment by credit card and promises your money back if you don’t “get caught” again in 180 days. This, of course, is another lie. You’ll never see the money you pay again. Don’t pay it! 

What to Do If Your Machine Is Infected by Ransoc

If you’re faced with Ransoc, simply rebooting your computer in Safe Mode should remove the malware from the system. Palmer explains that the computer reboot works due to the malware using a registry autorun key to stay in your system.

Though the fix removes the malicious software from your system, the damage may already be done by the time it’s gone. If you have experienced a computer-locking episode like this, be aware that a phony FBI demand might be headed your way. With personal pictures of you included in the demand, it can be hard to resist the initial urge to believe the threat is fake but doing so will save you money and a headache. Besides, do real FBI demands usually come with your own Facebook pictures included? I doubt it.

A few other avoidance techniques to keep in mind:

  • Don’t use Internet Explorer. If you have upgraded to Windows 10, Internet Explorer has been replaced with Microsoft Edge. Upgrade your computer to the latest OS already!
  • Not that any of our readers would do this sort of thing, but resisting the urge to illegally download media, including movies and music, might save you the stress of extortion later.

As is the case of any potential security breach, if you’ve experienced a computer lock down, reach out to your IT support team immediately.

Have you ever been a target of social engineering? Share your story with us in the comments.

Written by Tyler Smith