A new piece of ransomware has been discovered which forces its victims into political sedition. Palo Alto Networks’ Unit 42 recently spotted the piece of ransomware, dubbed RanRan, on systems in Saudi Arabia and the Philippines.
Palo Alto Networks released a report on 8 March, stating that it had seen the ransomware go to town on a relatively small number of Middle Eastern government organisations.
What is unique about this particular piece of ransomware is that it blackmails those affected into making publicly incendiary political statements. The victim is enjoined to create a subdomain with a politically seditious name and then create a ransomware.txt file hosted on that subdomain. The victim then has to publicly announce their “rebellion” against their country’s leader.
Alex Hinchliffe, threat intelligence analyst at Unit 42, Palo Alto Networks, said: “The intent clearly is political. That said, ransomware attackers frequently make additional demands before they give victims their data (if they ever do). There’s no reason why these attackers couldn’t do the same and respond to victims who accede to these initial demands with additional demands of a political or financial nature, or both.”
This might prove a dangerous ransom to pay in Saudi Arabia, where some have claimed the ransomware was found, and in the Philippines, where Malwarehunter announced there had been an occurrence in January. This could run victims into trouble in both countries. Saudi Arabia has notoriously harsh censorship laws, where speech critical of the government or royal family can lead to prison time or physical punishment. Free speech has a number of criminal limitations in the Philippines, including “online libel”, which carries a potential 12-year jail sentence.
This article originally appeared at scmagazineuk.com