While it may seem like it is defeating the purpose, some ransomware developers created a program where they can take over a computer and hold it hostage so the victim can get it back intact.
But if the victim does not pay, they can still get it back intact one month later.
CryptoLocker, a file-encrypting ransomware, is the classic malware where users know if their system ends up hit, they most likely will never see their files again.
But a new version of Trojan.Ransomscript can give victims some hope, said researchers at Symantec in a blog post.
After the ransomware encrypts files and gives them an extra extension (.OMG), a text document containing instructions on how to recover the data ends up filed in all folders that contain encrypted files. After the ransom note, there is a paragraph which reads the following:
“P.S. Remember, we are not scammers. We don’t need your files. If you want, you can get a decryptor for free after a month. Just send a request immediately after infection. All data will be restored absolutely. Your warranty – decrypted samples and positive feedback from previous users.”
So while they hope they can convince victims into paying up to recover their files, those who don’t pay still may have hope of recovering data one month later.
Trojan.Ransomcrypt.G is similar to other ransomware. However, according to Symantec researchers, unlike other threats, Ransomcrypt.G doesn’t automate the transfer of encryption keys between the command and control server and the victim’s computer.