{"id":9451,"date":"2017-09-21T15:45:09","date_gmt":"2017-09-21T23:45:09","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/09\/21\/news-3224\/"},"modified":"2017-09-21T15:45:09","modified_gmt":"2017-09-21T23:45:09","slug":"news-3224","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/09\/21\/news-3224\/","title":{"rendered":"This Ransomware Demands Nudes Instead of Bitcoin"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/video-images.vice.com\/articles\/59c437df1d0e1609a71c1fb8\/lede\/1506036274946-DKRYVLwWAAEwtgB.jpeg\"\/><\/p>\n<p><strong>Credit to Author: Lorenzo Franceschi-Bicchierai| Date: Thu, 21 Sep 2017 23:25:11 +0000<\/strong><\/p>\n<p> For years, cybercriminals have been extorting victims by locking their computers with malware. The hackers promise to give the victim their files back as long as they fork over the cryptocurrency\u2014typically Bitcoin\u2014within the stipulated time limit. Now, someone has added a new, perverse twist to <a href=\"https:\/\/motherboard.vice.com\/en_us\/topic\/ransomware\">this tried and tested scheme<\/a>: demanding naked photographs instead of Bitcoin.<\/p>\n<p> Researchers at <a href=\"https:\/\/twitter.com\/malwrhunterteam\" target=\"_blank\">MalwareHunterTeam<\/a>, a research group focused on ransomware, spotted the software, called nRansomware on Thursday. The group posted a screenshot of the message that&#8217;s displayed when a victim gets infected:<\/p>\n<div style=\"max-width: 550px;\" data-iframely-id=\"ak437Rb\" class=\"article__embed article__embed--iframely\">\n<div style=\"left: 0; width: 100%; height: 0; position: relative; padding-bottom: 56.25%;\" data-iframely-smart-iframe=\"true\"><iframe  src= width=\"100%\" height=\"420\" frameborder=\"0\" ><\/iframe> <\/div>\n<\/div>\n<p>&#8220;Your computer has been locked,&#8221; reads the message, which then asks the victim to email the hackers. &#8220;After we reply, you must send at least 10 nude pictures of you. After that we will have to verify that the nudes belong to you.&#8221;<\/p>\n<p> The message is displayed on top of an haphazard background made of several images of the fictional children&#8217;s character Thomas the Tank Engine and a smiley face with the writing &#8220;FUCK YOU!!!&#8221; in bold. It&#8217;s not clear how many people have been hit with this ransomware, or how serious the hackers behind it really are. <\/p>\n<p class=\"article__blockquote\"> <b> Read more: <\/b><a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/59pp5d\/this-is-what-it-looks-like-when-you-get-hit-with-the-notpetya-ransomware\"><b> This Is What It Looks Like When You Get Hit with the NotPetya Ransomware<\/b><\/a><\/p>\n<p> To some extent, the malware does appear to be legitimate. The file, nRansom.exe, is classified as malicious by several antivirus engines, including <a href=\"https:\/\/www.virustotal.com\/en\/file\/c89944f9ec704c2b8da3a1acf726699022e7c68334110f72007d762217a9a4a5\/analysis\/1506022612\/\" target=\"_blank\">VirusTotal<\/a> and <a href=\"https:\/\/www.hybrid-analysis.com\/sample\/c89944f9ec704c2b8da3a1acf726699022e7c68334110f72007d762217a9a4a5?environmentId=100\" target=\"_blank\">Hybrid Analysis<\/a>, which are both public malware repositories. Other users on Twitter also reported spotting more samples of this particular ransomware.<\/p>\n<p>Malware can end up on these repositories if someone manually submits an entry and details what and does and how, or if malware is submitted and is then automatically analyzed. Motherboard attempted to infect a virtual machine with the malware but was unable to do so.<\/p>\n<p> But it could very well be a prank or fake ransomware that doesn&#8217;t actually encrypt a victim&#8217;s files. The malware also appears to play looped music\u2014from a file called your-mom-gay.mp3 that is actually the Curb Your Enthusiasm theme song\u2014in the background, according to the MalwareHunterTeam. <\/p>\n<p> We contacted the hackers via the email address included in their ransom message. They didn&#8217;t immediately respond to our questions. <\/p>\n<p> In any case, while this ransomware is clearly gross, sadly, it&#8217;s not unexpected. Hackers have for years used <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/vbgbvm\/the-dirty-hackers-who-steal-passwords-for-jealous-lovers\">malware to spy on women<\/a> and steal their nudes or access their <a href=\"https:\/\/arstechnica.com\/tech-policy\/2013\/03\/rat-breeders-meet-the-men-who-spy-on-women-through-their-webcams\/\" target=\"_blank\">webcams<\/a>. <\/p>\n<p class=\"article__blockquote\"> <b> <i> Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at lorenzo@jabber.ccc.de, or email <\/i><\/b><a href=\"mailto:lorenzo@motherboard.tv\" target=\"_blank\"><b> <i> lorenzo@motherboard.tv<\/i><\/b><\/a><\/p>\n<p> <b> <i> Get six of our favorite Motherboard stories every day <\/i><\/b><a href=\"http:\/\/motherboard.club\/\" target=\"_blank\"><b> <i> by signing up for our newsletter.<\/i><\/b><\/a><\/p>\n<p><a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/yw3w47\/this-ransomware-demands-nudes-instead-of-bitcoin\" target=\"bwo\" >https:\/\/motherboard.vice.com\/en_us\/rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/video-images.vice.com\/articles\/59c437df1d0e1609a71c1fb8\/lede\/1506036274946-DKRYVLwWAAEwtgB.jpeg\"\/><\/p>\n<p><strong>Credit to Author: Lorenzo Franceschi-Bicchierai| Date: Thu, 21 Sep 2017 23:25:11 +0000<\/strong><\/p>\n<p>It was inevitable. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,13328,10378],"tags":[4500,87,6272,3919,13408,10573,32,15016,3765,1953,9581],"class_list":["post-9451","post","type-post","status-publish","format-standard","hentry","category-independent","category-motherboard","category-security","tag-cybersecurity","tag-extortion","tag-hackers","tag-hacking","tag-information-security","tag-infosec","tag-news","tag-nudes","tag-ransomware","tag-sex","tag-tech-news"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9451","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=9451"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9451\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=9451"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=9451"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=9451"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}