A new type of ransomware demanding nude photos rather than cash is protected by most antivirus programs and appears to be no more than a joke.
MalwareHunterTeam researchers have discovered a new kind of ransomware called nRansom, which locks the computer and demands victims to share their nude photos as ransom instead of money.
Ransomware is a strain of malicious software that threatens to steal the victim’s data or disable access to it until and unless a particular ransom is paid.
This particular strain of hacking is considered one of the most serious types of cyber threats.
With thousands of variants of malware infecting machines all over the world every day, ransomware attacks have become a nightmare for organizations and to the public.
Once affected, the victim needs to pay ransom through cryptocurrency, typically Bitcoins, within the given time the attackers require.
But in the case of nRansom, cybercriminals have come up with a different kind of approach to breach the security of data.
nRansom blocks the target system but instead of demanding money, this malware demands nude photos of the affected user.
A ransom note stating “Your system has been locked” will appear on the victim’s screen and asks to email the hackers. “After replying, you must send at least ten nude pictures of you.
After that, we will verify that the nudes belong to you or not.” The note also states that once the pictures are checked, they will give the encrypted code so the victim can unlock their device.
Consequently, though, the hackers threaten to sell the nudes on the dark web.
The number of users who fell prey to this malware is still unclear.
nRansom is just a blocker and does not encrypt the data like other types of ransomware.
Once a device is infected, the nRansom malware program can be found in a file, named “nRamsom.exe,” that clearly states that this malware affects only Windows users.
The leading public malware repositories Hybrid Analysis and VirusTotal have classified that the executable file is malicious and the malware is legitimate.
The MalwareHunterTeam stated on Twitter that when the nRamsom.exe file is run, a lock screen with several images of Thomas the Tank Engine (a character from a popular children’s television show) appears in the background with a message asking for the nude pictures.
Then a file titled “your-mom-gay.mp3” will be extracted from a random folder to play the theme song for Curb Your Enthusiasm in the background.
Then the lock screen message demands the victim to send the nudes to a ProtonMail email address that holds the username “1_kill_yourself_1.”
The criminals behind the creation of this malware have yet to be caught.
But the fact that nRansom is filled with bugs indicates that the program isn’t exactly sophisticated in the first place.
Furthermore, MawareHunterTeam points to an entry on VirusTotal that hints the nRamson.exe file is detected easily and fought by 50 out of 65 antivirus programs.
Considering the email address embedded in the warning message is no longer accessible, it could very well be a prank that won’t do any harm to the data on victims’ computers.
As the ransom here is much more valuable than money, the experts are strictly advising never to pay the ransom.
Since nRansom is a blocker, the code needed to unlock the screen is 12345.
However, in some cases due to some bugs in the nRansom program, the screen might unlock even after the code is entered.
In such situations, it’s possible to disable the malware by minimizing the screen and ending the nRansom.exe process.
In the worst case, if the blocker somehow sneaked onto the system, the victim can easily unblock the computer by pressing Ctrl + Alt + Shift + F4 simultaneously.
A full scan of the system is recommended after that.