Emsisoft experts were surprised to discover ransomware program that is not interested in a cash buyback. Instead, the Ransomwared malware requires an intimate photo.
After infecting the target system, Ransomwared (the name Emsisoft researchers gave the malware) encrypts the victim’s files and adds them the .ransomwared or .iwanttits file extensions.However, the Ransomwared extortionist, as the researchers note, is not at all a serious threat.
While most ransomware strains require monetary compensation in return for a decryptor, Ransomwared is demanding a more unusual payment. Once a computer is infected, a pop up will appear and demand that the victim send the author pictures of “tits” in exchange for an “unlock code. We’re not sure whether the threat actor wants bodily parts or birds – but we suspect the former – and nor are we sure how the actor would know whether said bodily parts/birds actually belong to the victim”, — write Emsisoft specialists.
However, cybersecurity experts were able quickly develop a tool to remove Ransomwared’s encryption, so they recommend not interacting with cybercriminals. It is better to recover compromised files using the free tool available here.
Thus, victims will not have to send their nude photos.
Experts remind that their tool should be used only if your files are really encrypted with Ransomwared extortionist. In any other cases, the decoder will not work.
If you encounter problems using this tool, contact the Emsisoft team.
It is still unknown whether there is a group of sophisticated threat actors behind this new ransomware or is it an amateur development. There is also no detailed information on the distribution methods of Ransomwared; it is also not clear whether its developers were involved in other criminal activities”, – say Emsisoft researchers.
If for some reason you are not sure which encryptor attacked your computer, you can always refer to the No More Ransom project. There you will find many tools to help identify the type of ransomware. Next, we advise you to look for a solution of your problem in our catalog of ransomware.