New ransomware demands political statements, not money

Researchers have discovered new ransomware hitting government targets in the Middle East. But rather than looking for money, this ransomware is meant to extort a political statement.

"It's an innovative use of ransomware," said Ryan Olson, director of threat intelligence at Palo Alto Networks, the firm that made the discovery.  

Ransomware is malware that prevents systems from working properly or disables access to files until a user pays a ransom. Popular variants often lock phones or encrypt files, only returning access once a ransom is paid. 


In the case of the newly discovered ransomware, which Palo Alto is calling RanRan, government entities were not asked to pay money. Instead, they were asked to set up a subsection of their government website with a threat against an elected politician in the web address, with contact information to receive the decryption key. Olson compares it to requiring the State Department to set up an "IHatePresidentTrump.state.gov" website.

To protect the anonymity of the clients who brought them the case, Palo Alto has to be vague about the targets and any attribution it has made. But Olson will say that RanRan was discovered in a targeted set of government agencies of a Middle Eastern nation. He adds that the information the company has gathered leads them to believe this is more politically motivated than a rebellious prank. 

RanRan itself is rudimentary ransomware. The password for decryption could easily be derived from a file added to each system titled "pass," and there were errors in the encryption processes. Palo Alto was able to handle the attack without the agencies capitulating to its demands.

"I suspect we will see more of these kinds of ransomware — but not much more, because the attack didn't work," said Olson. "If ransom was made, we would see others trying to extract the same embarrassment."