Even cyber criminals have a conscience, sometimes

Mar 7, 2014 23:01 GMT

Ransomware that encrypts files and holds them hostage until the victim pays a ransom is becoming more and more common. However, as researchers have found, some cybercriminals aren’t as ruthless as we’d imagine.

Since the emergence of CryptoLocker, the most notorious file-encrypting ransomware, many Internet users have become aware of the fact that if their computers get infected, it’s possible that they’ll never see their files again.

But security researchers from Symantec have come across a version of Trojan.Ransomcrypt that gives victims hope.

After it encrypts files and appends an extra extension (.OMG) to them, the malware drops a text document containing instructions on how to recover the data into every folder that contains encrypted files. The ransom note is followed by a paragraph that reads:

“P.S. Remember, we are not scammers. We don’t need your files. If you want, you can get a decryptor for free after a month. Just send a request immediately after infection. All data will be restored absolutely. Your warranty – decrypted samples and positive feedback from previous users.”

So while the attackers hope to convince victims to pay up to recover their files, those who don’t pay can still get their data back after a month.

Technically speaking, Trojan.Ransomcrypt.G is similar to other ransomware. However, according to Symantec experts, unlike other threats, Ransomcrypt.G doesn’t automate the transfer of encryption keys between the command and control server and the victim’s computer.