Today I came across a hard drive that had a folder in the desktop folder named '0K, this directory is for Ransomware detection (just leave it here)'.
Inside the folder were a bunch of bogus files that struck me as bait files for ransomware. It had a .jpg, a .txt, a .docx, basically some 10-odd files that contained seemingly random data (e.g. the .jpg was a picture of static, like analog TV static, and the .txt file was filled with characters, again seemingly random).
I had never before seen any such files, and Google gave me nothing but some Polish or Russian hits, but the same folder does appear on quite a few PCs, if I were to believe the logfiles posted on various sites (amongst which bleepingcomputer.com) in the process of removing infections of all kinds.
At the time I didn't put much thought into it; I just wanted to know if this particular drive was infected, and no program started crying, so I was satisfied. But now the thought doesn't leave me alone, for I think it may be a smart way to catch the encryption key of a ransomware infection. If the files in that folder are in a way random, yet their original content is well known in a secure place, it would make sense that calculating the encryption key could be 'easy'.
Thing is, I can't find any information on that folder. Does anybody know if some antivirus program or something made these files, and are they by chance effective in case of ransomware removal? Since the folder is in the same place for everybody (the /desktop folder) and seems to have the same name (the first character is a zero, rather than an Oh) in case it occurs, I would also think it would not be hard for a payload to discriminate this folder and skip it, so I'd be happy to read any comment about this matter.
Anybody? Thanks for reading and your input!
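
How a bait folder like the one described in the post can serve detection, as an added example that is not part of the original post and not the code of whatever program created that folder: it records a hash of every bait file and later reports files that were modified, removed or newly created. The file names, the `.locked` suffix and the temporary folder are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(folder):
    """Map each file name in the bait folder to the SHA-256 of its content."""
    return {p.name: hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(Path(folder).iterdir()) if p.is_file()}


def compare(baseline, folder):
    """Return sorted (file name, status) pairs that differ from the baseline."""
    current = snapshot(folder)
    findings = []
    for name, digest in baseline.items():
        if name not in current:
            findings.append((name, "missing"))
        elif current[name] != digest:
            findings.append((name, "modified"))
    # Files that were never in the baseline: renamed copies, dropped notes.
    findings += [(n, "unexpected") for n in current if n not in baseline]
    return sorted(findings)


def demo():
    """Build a constructed bait folder, change it, and report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        bait = Path(tmp)
        # Constructed sample bait files filled with random bytes.
        for name in ("photo.jpg", "notes.txt", "report.docx"):
            (bait / name).write_bytes(os.urandom(4096))
        baseline = snapshot(bait)  # store this outside the monitored folder
        clean = compare(baseline, bait)
        # Simulated change: one file rewritten in place, one renamed.
        (bait / "notes.txt").write_bytes(os.urandom(4096))
        (bait / "photo.jpg").rename(bait / "photo.jpg.locked")
        return clean, compare(baseline, bait)


if __name__ == "__main__":
    clean, changed = demo()
    print("before:", clean)
    print("after: ", changed)
```

Any non-empty result from `compare` on a folder nobody has a reason to touch is the alert condition; the baseline has to live somewhere the monitored machine cannot overwrite.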