New ransomware demands photos of tits & private parts to unlock your data

Ransomware remains one of the most used attack variants by cybercriminals, and new ways of using encryption against victims are detected at every moment. Cybersecurity firm Emsisoft has reported the detection of a new variant of ransomware, known as “Ransomwared”, which exhibits somewhat different behavior from other similar attacks.

As we know, in a ransomware attack threat actors encrypt the files of victims to demand a ransom in cryptocurrency in exchange for re-establishing everything to normal. The main difference with Ransomwared, is that the operators of the attack do not demand money, but instead assure victims that they will only be able to recover their files if they send intimate photos to an email address controlled by the hackers.

After infecting the target system, Ransomwared encrypts the victim’s files and adds them the .ransomwared or .iwanttits file extensions. Finally, the victim finds the ransom note with the unusual request: “You are ransomwared; to recover your files, email us your tits to…” mentions the ransom note found by cybersecurity specialists.

Ransom note found by the victims
SOURCE: Emsisoft

In its report on the finding, Emsisoft mentions: “We are not sure how threat actors get to know if a photo belongs to the victim, so sending any image available on the Internet could be enough to regain access to their files”.

Still, cybersecurity experts managed to promptly develop a tool to remove Ransomwared encryption, so they recommend not interacting with attackers and recovering compromised files using the free tool, available here. In case you experience any problems while using this tool, contact Emsisoft team.

So far it is unknown whether there is a group of sophisticated threat actors behind this new ransomware or if it is an amateur development. There are also no further details about Ransomwared’s distribution methods or whether its developers are involved in other criminal activities.

The International Institute of Cyber Security (IICS) has tracked the latest reports of ransomware attacks in order to find potential distribution channels, similar file extensions, and other indicators on the possible developers and their main objectives.