Report: New scam demands ransom payment — but does not deploy ransomware

Jessica Kim Cohen - Print  | 

There's a new type of ransomware scam making its way across the internet, according to English IT security company Sophos.

Ransomware is a type of malicious software that encrypts a victim's computer files, which cyberattackers offer to decrypt in exchange for a ransom payment. A cyberattacker using ransomware will typically demand payment in bitcoin.

In a June 22 warning, Sophos highlighted a group of scammers who are flipping the script. These particular scammers send an email to their target, claiming they have already installed a new type of ransomware — "WannaCrypt" — on their devices.

"We have improved operation of our program, so you will not be able to regain the data after the attack," the email reads, according to Sophos. "Antivirus software will not be able to detect our program, while firewalls will be strengthless against our unique code."

The email specifies a date on which all files held on the target's computers, servers and mobile devices will supposedly be encrypted and subsequently erased by WannaCrypt. To avoid any potential data loss, the scammers demand 0.1 bitcoin, an estimated $650.

However, Sophos wrote the scammers haven't actually installed any malware. Although disk-wiping malware — or ransomware with no decryption key — does exist, it does not appear these scammers are deploying it.

"The whole thing is a fraud, right down to the existence of the malware in the first place," Sophos wrote.

More articles on cybersecurity:
Top cybersecurity vendors, as ranked by KLAS
MD Anderson slapped with $4.3M penalty for HIPAA violations
Ransomware attacks down despite general hike in cyber intrusions

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

To receive the latest hospital and health system business and legal news and analysis from Becker's Hospital Review, sign-up for the free Becker's Hospital Review E-weekly by clicking here.