Security researchers have discovered a new ransomware dubbed nRansomware that blocks victims' computers and demands nude photographs instead of Bitcoin in exchange for an unlock code. Ransomware is a particularly nasty type of malicious software used to extort money from victims.
Researchers at MalwareHunterTeam spotted the malware and posted a screenshot of the message displayed on a victim's computer screen when infected, Motherboard first reported.
"Your computer has been locked," the ransom message reads before asking the victim to email the hackers. "We will not respond immediately. After we reply, you must send at least 10 nude pictures of you. After that, we will have to verify that the nudes belong to you.
"Once you are verified, we will give your unlock code and sell your nudes on the deep web."
The message is displayed on top of a background filled with several images of the popular fictional children's character Thomas the Tank Engine along with the text "F**K YOU!!!" in bold.
Researchers also noted that the malware seems to play looped music in the background from a file called your-mom-gay.mp3, which is actually the theme song of the HBO show "Curb Your Enthusiasm".
Motherboard reported that the malware appears to be genuine, with the file "nRansom.exe" classified as malicious by multiple antivirus engines on scanning services including VirusTotal and Hybrid Analysis.
A security researcher from MalwareHunterTeam told IBTimes UK that there is currently no information about anyone getting infected with nRansomware. A Reddit user noted that the ProtonMail email account mentioned in the ransom note has already been shut down.
When asked if this tactic could become a new trend for ransomware creators, the researcher said: "I hope it doesn't become a trend. I have seen a lot of unbelievable things humans have done, and can imagine a lot that humans would do. But sending a dozen nude photos of themselves to someone who just locked their PC or encrypted their files... Can't find words to describe that."
It is still unclear who the perpetrators behind the malware are and how serious they are about their threats to acquire and sell nude photos of their victims.
Security firm Kaspersky has advised users not to pay the ransom should they get infected.
"The word 'pay' in this case is as legitimate as in any other; private information is no less payment than money," Kaspersky said in a blog post. "We can only speculate on what the criminals are planning to do with any photos they manage to get. They'll probably use the pictures to shame the victims and extort either more nudes or money."
If the blocker does somehow manage to make its way onto your device, you can simply unblock the computer by pressing Ctrl + Alt + Shift + F4 simultaneously, then follow up with a full scan of your system, Kaspersky notes.
In the first half of 2017, two major outbreaks – WannaCry and NotPetya – infected tens of thousands of computers globally and crippled businesses in more than 100 countries.
A recent study revealed that approximately 5% of small-to-mid-sized businesses (SMBs) around the world were hit by ransomware this year, with an estimated $301m paid to ransomware hackers in 2016-17.
FedEx, whose subsidiary TNT Express was significantly disrupted by the NotPetya cyberattack in June, revealed it cost the company an estimated $300m in lost earnings.
Meanwhile, hackers have targeted a slew of celebrities in recent years in a number of celebrity photo-hacking scandals, leaking private nude images and personal information online.
In June, threat actors going by the name "Tsar Team" infiltrated the servers of the Grozio Chirurgija chain of plastic surgery clinics in Lithuania and published tens of thousands of "before-and-after" images and some nude photos of plastic surgery clients and their private data. The hackers demanded up to £2,000 to have the files removed.
"We don't want any glory from it," one of the hackers told IBTimes UK. "We just want to live a better life, hacking is just good business for us."
In light of the new ransomware demanding nude photos rather than money, Adam Katz, technical leader in threat research at Cisco's Talos Security, tweeted: "Ransomware w/ foul-mouthed Thomas the Train holding your data ransom for... nude selfies? This unfortunately feels like the tip of an iceberg."