A newly discovered form of ransomware scrapes the social media accounts and local files of victims in order to tailor a customised demand, and threatens court action if it isn't paid.
Dubbed 'Ransoc' by cybersecurity researchers at Proofpoint due to its connection with social media including Facebook, LinkedIn, and Skype, this ransomware represents yet another evolution of the malicious software which has boomed during 2016.
Perhaps because it focuses on exploiting this fear, Ransoc doesn't encrypt the victims' files in the same way as ransomware like Locky does, but rather makes its demands via the desktop or browser after infecting the system through malvertising traffic aimed at Internet Explorer on Windows and Safari on OS X.
It might appear basic or dated compared to more sophisticated forms of ransomware -- desktop locking malware saw its heyday between 2012 and 2014 -- but Ransoc is built to search the victim's hard drive and social media accounts for data to use in its scheme. That data is then used to tailor a ransom note, disguised as a threat of legal action against the victim, which features images from their Facebook and LinkedIn accounts.
Indeed, Proofpoint researchers discovered one variant of the penalty notice is only displayed when Ransoc suspects the victim has files containing illegal images or media files downloaded via torrents. In this case, Ransoc threatens the victim with the risk of any files being made public in a court case unless a fine is paid. Ultimately, Ransoc is preying on the victim's reputation rather than their files.