Ransomware tactics are also evolving constantly and one can witness it with a new strain on the web with the name RansSIRIA, which locks down your files and ‘pleas’ for the ransom payment. The perpetrators of these ransomware attacks are claiming that they donate ransom money to Syrian refugees.
The security team, who discovered RansSIRIA, has declared it as a new variant of WannaPeace ransomware that specifically targets Brazilian users. As soon as the payload of this ransomware is transferred on the device, a forged MS Word window starts to appear until the encryption activity ends.
As soon as all the files are locked down, a ransom window in Portuguese starts to appear on the screen. The ransom note very poignantly reminds the affected users of a human tragedy Syrians are enduring. The ransom note then, in a manner of request, asks the users to pay money to restore their ransomware files and to restore the dignity of all those war-torn Syrian refugees.
To manipulate the affected users psychologically, the ransomware also shows horrific pictures and a video of the Syrian war, and how it is affecting children. Like any other ransomware operator, RansSIRIA’s developers are also demanding ransom or ‘donations’ in cryptocurrency.
There is no doubt that Syrians are going through a living hell and no one can even claim to identify with their plight. Unfortunately, some callous souls, like the operators of RansSIRIA are trying to benefit from their tragedy. They are not going to donate ransom payments to Syrian refugees. It’s just another ploy to trick the affected users to pay them instead of employing professional services to restore ransomware files.
The researchers are suggesting that this ransomware strain is still in its budding phase and the perpetrators haven’t commenced a mass attack so far. The Google statistics also show that RansSIRIA is just a month old strain.
We strongly advise our readers to refrain from paying any money to the attackers out of guilt or conscience because they are not doing it for charity. Like any other cryptovirological activity, they are demanding extortion money to restore ransomware files.
