nRansom asks for nudes in exchange for your locked files

Nude photos – as digital currency

nRansom is regarded as a prank rather than a destructive virus

A few days ago, virus researchers had a good laugh after they found the nRansom[1] ransomware. Not only does the ransom message raise a smile with its Thomas the Tank logo, but the demands are hilarious and absurd as well. Unlike typical ransomware such as Ykcol (the new Locky), which again raised the price up to 0.5 bitcoins, this malware asks for 10 of your nude photos. Is it a new generation of ransomware or a mere prank?

nRansom – hackers’ sort of “vacation”?

However, 10 nude photos are only the beginning of the story. The perpetrators instruct victims to send the photos to They continue making fun of users by stating that they will not reply instantly.

What is more, the felons mention that they will verify the photos[2]. How such verification would work is intriguing. Even if victims risk sending the compromising material, the hackers will send the decryption key and still publish the photos on the dark web.

Interestingly, the developers launched a second version a couple of days after the original appeared. The latest edition runs from the nRansom2.exe file and asks you to kill 10 people and send the video, as well as 20 personal nudes. The email address changes to

This type of ransomware may indeed seem funny, but not to its victims. However, they may not know that the nRansom virus is actually a screen locker rather than a file-encrypting threat. The unlock code was 12345, though it seems to no longer work, and the first email address has been shut down.

At the moment, there are no reports of victims (on the other hand, who would confess?). While this malware is a buggy screen locker, the fact that the fraudsters continue generating new versions of this prank[3] might be worrying.

A prank to divert attention from bigger cyber issues?

From IT researchers’ perspective, the nRansom screen locker is indeed an easy virus to crack. Their attention now rests on Locky, which continues rampaging in its new Ykcol version. The CryptoMix developers also keep generating new versions, the latest being the Shark virus.

The “white hats” also have to solve the riddle of how cyber criminals managed to corrupt CCleaner v5.33. As users find themselves in the midst of these cyber wars, they should pay attention to these tips:

  • update your system and security tools
  • avoid installing programs issued by “unknown publishers”
  • verify the sender of an email attachment
  • double-check with your friend about any video link sent to you on social media
About the author
Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.