A few months ago, two ransomware scams made news for asking users to play video games in order to get their files back. One of them asked users to play a Japanese game, while the second asked users to play a “click me” game.
Now, a similar but perverted kind of ransomware has surfaced that does not ask users for a ransom in Bitcoin but asks them to submit their nude pictures; in return, they might get their files back. Yes, you read that right.
Dubbed nRansomware, the ransomware was identified by the security researcher MalwareHunterTeam, who shared a screenshot of the ransom note asking users for their private pictures. The note also displayed a brief message explaining how a victim can send their pictures to the cybercriminal behind this scam.
The note is accompanied by the theme song of the popular HBO TV series Curb Your Enthusiasm and images of the Thomas the Tank Engine character.
“Your computer has been locked. You can only unlock it with the special unlock code,” says the message. It goes on to tell victims that they need to make a new email address on ProtonMail, an anti-NSA encrypted email service, and send at least 10 explicit images of themselves.
“Go to Protonmail.com and create an account. Send an email to [email protected]
Furthermore, it informs victims that their pictures will be verified to ascertain whether they belong to them. Once that is done, the attackers will sell the pictures on the Deep Web.
“After that, we will have to verify that the nudes belong to you. Once you are verified, we will give you your unlock code and sell your nudes on the deep web.”
Not sure about this…
Sample: https://t.co/[email protected] @demonslay335
cc @x0rz @malwareunicorn pic.twitter.com/j5CAL2AH3Y
— MalwareHunterTeam (@malwrhunterteam) September 21, 2017
According to the VirusTotal sample provided by the security researcher, AegisLab’s anti-virus detected it as “Troj.W32.Inject.tnKf”, which is described by Kaspersky as malicious software that “perform actions which are not authorized by the user: they delete, block, modify or copy data, and they disrupt the performance of computers or computer networks.”
However, in a conversation with Motherboard, the security researcher said, “It is a screen locker, so files aren’t encrypted.” “We have no information about anyone getting infected with this.”
Computer malware like nRansomware can arrive by any means, including spam emails, porn websites, or freeware bundles. Therefore, it is advised never to open a spam email, never to download attachments or click links from an unknown email, and always to scan free software you download from a third-party website.