Some versions of ransomware have a better shot at succeeding than others. RansomDemoN will likely not be a major success unless it can get people to click a button that will encrypt their files. Let’s take a look at this particular piece of malicious software.
RansomDemoN is Different and Strange
Creating a unique type of ransomware is not all that easy. Granted, there are many different things developers have yet to attempt, though we can only hope those efforts will all be in vain. Some creators have taken things to the next level by following an alternative path altogether. RansomDemoN is one of the most harmless types of malware to date, unless you can be tricked into clicking a button that will encrypt your files.
The look of RansomDemoN is familiar. Anyone who has seen an image of the WannaCry ransomware will recognize its layout, including the small window on the top left-hand side. Likewise, the text in the RansomDemoN screenshot looks almost identical to that of WannaCry, which goes to show this is a copy-and-paste project more than anything else. Unfortunately, that is a pretty common trend among malware developers these days.
What makes RansomDemoN really interesting — or perhaps really boring — is how it seemingly does nothing at all. It does not encrypt files despite expecting victims to pay a Bitcoin ransom. That does not mean this malware is completely harmless, but you would have to be a very odd internet user to successfully have your files encrypted by this program.
Someone's working on RansomDemoN ransomware.
Click on Encrypt to encrypt for now.
Note copied from WannaCry. @BleepinComputer @demonslay335 pic.twitter.com/JnOewbh6NU — MalwareHunterTeam (@malwrhunterteam) July 29, 2017
RansomDemoN has an “Encrypt” button at its bottom left corner. Hitting that button will encrypt your files, although some reports say it still has a small chance of success. It is unclear why any developer would include an encrypt button as part of his or her creation and ransom note. That would seem rather unusual and counterproductive. One cannot expect people to be so naive as to download ransomware and encrypt their files themselves.
There is also a Bitcoin address included in the ransom note, and victims will see a “pay” button, supposedly designed to take them to a payment page. This has not been confirmed at this time, but it shows there is some potential as far as this creation is concerned. Considering that Bitcoin is anything but an anonymous payment method, the choice to accept payment using that particular cryptocurrency remains highly debatable at this point. Monero would have been a far better solution.
There will be some interesting evolutions in the world of ransomware over the coming months. Asking victims to inflict harm upon themselves and then pay someone else to restore file access seems crazy, but it just might work. A lot of people are curious about what all of those fancy buttons do exactly, and some people will certainly click every button they can. For now, RansomDemoN offers nothing that internet users should be afraid of. However, no threat should ever be taken lightly these days.