Adware Ransomware Browser hijacker Mac viruses Trojans

nRansom asks for nudes in exchange to your locked files

by Julie Splinters - - 2017-09-27

Nude photos – as digital currency

nRansom is regarded as a prank rather than a destructive virus

A few days ago, virus researchers had a good laugh after they found nRansom^[1] ransomware. Not only the ransom message evoke smile after seeing its logo with the Thomas the Tank, but the demands are hilarious and absurd as well. Unlike typical ransomware, for instance, Ykcol (new Locky) which again raised the price up to 0.5 bitcoins, this malware asks for 10 your nude photos. Is it a new generation ransomware or a mere prank?

nRansom – hackers’ sort of “vacation”?

However, 10 nude photos are only the beginning of the story. The perpetrators instruct victims to send the photos to 1_kill_yourself_1@protonmail.com. They continue making fun of users by stating that they will not reply instantly.

What is more, the felons mention that they will verify the photos^[2]. However, the methods of such verification indeed spark intrigue. Even if victims risk sending the compromised material, the hackers will send you the decryption key and still publish the photos on the dark web.

Interestingly, the developers launched a second version after a couple of days since the original version appeared. The latest edition functions via nRansom2.exe file and asks you to kill 10 people, send the video as well as 20 personal nudes. The email address changes to 2_kill_yourself_2@india.com.

This type of ransomware may indeed seem funny, but not for the victims of the threat. However, they may not know the fact that nRansom virus is actually a screen locker rather than a file-encrypting threat. The unlock code was 12345, though it seems to have ceased functioning anymore as well as the first email address is shut down.

At the moment, there are no reports about the victims (on the other hand, who would confess?). While this malware is a buggy screen locker, the fact that the fraudsters continue generating new versions of this prank^[3] might be worrying.

A prank to direct attention from bigger cyber issues?

Looking from IT researchers’ perspective, nRansom screen locker is indeed an easy virus to crack. Now their attention rests on Locky which continues rampaging in the new form of Ykcol version. CryptoMix devs also restlessly generate new versions the latest being Shark virus.

The “white hats” also have to solve the riddle how cyber criminals managed to corrupt CCleaner v5.33 version. As users find themselves in the midst of these cyber wars, they have to pay attention to these tips:

update system and security tools
avoid installing programs which are issued by “unknown publishers”
verify the sender of an email attachment
double-check and inquire your friend about the sent video link on a social media

About the author

Julie Splinters

Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.

Contact Julie Splinters
About the company Esolutions

References

^ MalwareHunterTeam. Not sure about this.... Twitter. Online Source for Communication and News.
^ John Snow. NRansom: Ransomware that demands your nudes. KasperskyLab. Learn how to stay protected from viruses.
^ Bill Brenner. What’s at risk from nRansom? Your memories of Thomas the Tank Engine. NakedSecuritybySophos. Award-winning computer security news .

Files

000.exe virus 17/12/21
Sitool.exe virus 22/10/21
wscntfy.exe 20/05/21
fsg_4104.exe 12/05/21
mmtask2.exe 12/05/21
NvMcTray.dll 11/05/21
iehelper.dll 11/05/21
gui.exe 07/05/21

Software

Restoro 10/03/23
eTrust Pestpatrol 30/04/21
OSHI Defender 27/04/21
Defender Pro Ultimate Security Suite 27/04/21
Ad Aware Pro 27/04/21
VIPRE Antivirus and Antispyware 27/04/21
MASTR SCAN 27/04/21
ParetoLogic Anti Spyware 27/04/21

Compare

Anti-spyware Comparison

Compare spyware removers