According to security researcher Andrew Brandt, his research colleagues picked up a Ukrainian ransomware trojan that demonstrated that the concept of how payment can extend to services other than banking or finance.
"In this case, the Trojan – which we and several other AV companies call Trojan-Ransom-Krotten – thoroughly locks down the infected system then demands payment in the form of credit paid to the Ukrainian mobile phone provider Kyivstar, which the victim then has to transfer to the malware distributor's account", he said in his Webroot security blog.
Brandt says that, once the ransomware has taken hold on a victim's computer, it locks down the operating system in dozens of different ways, "as well as changing several registry keys that add juvenile, profane text to Internet Explorer's title bar and elsewhere on the desktop and in folders."
The Webroot researcher says that paying the 'ransom' in these cases simply emboldens the malware creator to continue his crime spree.
"Of course, even once a victim hypothetically pays this ransom, there's also no guarantee that there is any way at all for the malware distributor to reverse the damage - which takes the form of significant levels of annoyance - caused by this insipid Trojan", he said.
Fortunately for the victim, Brandt advises that the creator of this Trojan "isn't the sharpest tack in the box".
Not only were Webroot's researchers easily able to tease out the Trojan's payloads and add signatures, which would prevent the Trojan from delivering its payload files to a victim's computer, but they "were able to see exactly how the author (ineffectively) tries to frustrate the kinds of behavioural analysis we and other anti-virus vendors perform."