Ransoc is a bold ransomware that threatens legal action if you don’t pay

By: Madeleine Dean

Security researchers have recently detected a vicious, bold new ransomware named “Ransoc”. This malicious program sneaks into your computer, searches for illegally downloaded content, takes a look at your social media accounts and then threatens to make your disreputable content public if you don’t pay the ransom.

If you’ve saved materials that violate intellectual property rights, sexual abuse materials or other suspicious content, Ransoc offers you the possibility to settle the case out of court.

Ransoc is definitely not your regular ransomware. Instead of encrypting your files, the malware searches for illegally downloaded content and stores personal information found on your social media accounts. The ransom note includes images from social media accounts together with a legal action threat.

The ransomware threatens to expose the so-called evidence to the public, and the fact that it displays actual social media information helps it pressure its victims into paying the money. We must admit that targeting reputation rather than the files themselves is a very smart move. Moreover, to encourage payment, the ransom note promises that money will be sent back if the victims “stay clean” in the next 180 days.


According to security researchers, this ransomware is spread via malvertising traffic primarily fed by the Plugrush and Traffic Shop traffic exchanges on adult websites and its favorite target is Internet Explorer. If you’re running old, unsupported versions of Internet Explorer, you need to upgrade your browser version as soon as possible.

In a sandbox environment, we observed this new malware perform an IP check and send all of its traffic through the Tor network. Further examination revealed that the malware scanned local media filenames for strings associated with child pornography. We also noticed that it was running several routines interacting with Skype, LinkedIn, and Facebook profiles. […] It appears that this penalty notice only appears if the malware finds potential evidence of child pornography or media files downloaded via Torrents and customizes the penalty notice based on what it finds.

The good news is that Ransoc uses a registry autorun key. This means that rebooting in Safe Mode should allow users to remove the malware. As always, prevention is better than a cure and we recommend you install one of the following anti-hacking tools on your computer.
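Because the malware persists through a registry autorun key, the entries under the Run keys are the place to look once the machine is in Safe Mode. The PowerShell below is an added example, not code from the researchers or from this article: it lists autorun entries from the standard Windows Run/RunOnce locations and marks the ones worth a closer look. The article does not name the key or value Ransoc uses, so the key list and the "user-writable folder or no valid signature" review rule are assumptions, and the script only reports, it does not delete anything.

```powershell
# Standard Windows autorun locations (Windows defaults, not taken from the article).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Assumption: programs that autostart from user-writable folders deserve review.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC) |
    Where-Object { $_ }

function Get-AutorunEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)

            # Extract the executable from a quoted or unquoted command line.
            # Unquoted paths containing spaces will not resolve and are
            # therefore reported as FileNotFound and flagged for review.
            if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($command.Trim() -split '\s+', 2)[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            # Check the Authenticode signature when the file exists on disk.
            if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
                $signature = (Get-AuthenticodeSignature -LiteralPath $exe).Status
            } else {
                $signature = 'FileNotFound'
            }

            $inUserDir = [bool]($userWritable | Where-Object {
                $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })

            [pscustomobject]@{
                Key       = $key
                Name      = $name
                Command   = $command
                Signature = $signature
                Review    = $inUserDir -or ($signature -ne 'Valid')
            }
        }
    }
}

Get-AutorunEntry | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so the machine-wide keys are readable; an entry marked for review is a lead to investigate, not proof of infection.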



