In a recent analysis of a new ransomware, we uncovered a unique twist to the “payment” method for recovering your files. The hackers require the victim to send in at least 10 nude pictures of them. Once the victim sends in the images, the hackers will supposedly verify it is actually you, and then sell your images on the Dark Web.
To add insult to injury, this .NET ransomware plays a song titled your-mom-gay.mp3.
Fortunately for anyone who may fall victim to this threat, the ransomware does not appear to encrypt any files on the computer. In fact, the program is so poorly coded, that simply entering a random string of characters will cause the program to crash.
The decryption code for this ransomware is ‘12345’. However, rebooting the computer will terminate the ransomware process.
We can only hope that this is the work of a script-kiddie, or someone with too much time on their hands, and that it won’t spread like WannaCry.
IOC: MD5 9a60890fc062d10d826c31d049706ab7
SHA1 3ae8d97461fb08c4327431c0589322e3cbb1e3de