Ransoc ransomware: Does not encrypt, but searches for illegal content like torrents

Share this with people that should know this:

The Ransoc ransomware is a ransomware variant that uses locally installed social media tools like Skype and Facebook to collect personal pictures – once it has collected the pictures it will use the pictures in its ransomware note. The ransomware note is then presented to the user that is using the device.

Various security companies have performed research on the Ransoc ransomware. Bleepingcomputers mentioned that they were not able to get the Ransoc ransomware operational in their labs, but the security company Proofpoint published an detailed report on the ransoc ransomware here.

The interesting part about this ransomware is the fact that is does not encrypt the data it finds – instead, it uses the data to craft a ransomware note. Ransoc searches for all kind of illegal activity on the device – from torrents to strings associated with CP.


Another interesting point about ransoc is the fact that it does not support Bitcoin payments, it only supports direct credit card payments.

Share this with people that should know this: