New terrifying ransomware is using sextortion tactics to target women and force victims to email explicit pictures of themselves to an address named after an ex-porn star in order to regain access to their files.
Called Ransomwared and using the extensions .ransomwared and .iwanttits, the new malware demands that topless photos are sent to a Sasha Grey email address in order for the owner’s files to be released again.
Sasha Grey is a former extreme porn star who found herself being used in Russian fake news in 2015.
Cyber-security company Emsisoft were alerted to the threat of the new brand of ransomware with its seedy and exploitative demand that appears to target women and has released a new free decryption tool to help victims combat the ransom request.
Victims are being asked to send nudes to an email address using the name Sasha Grey, a former porn star who found her pictures being used by Russian fake news stories in 2015
The first pop-up message from Ransomwared that asks for explicit photos from victims
The following pop-up screen reads: ‘You are ransomwared! To recover your files, email us your t-ts to firstname.lastname@example.org’ as it attempts to pressure victims into sending topless pics
Typically ransomware attacks a computer or smart device by encrypting files and demanding payment in bitcoin or another cryptocurrency for them to be released back to the victim.
According to Emsisoft, the new sextortion scam presents a malware pop-up message on the infected computer that asks victims to emails pictures of their breasts to retrieve their files.
‘The variant was likely created as a prank, but it doesn’t make it any less problematic for those who may be hit by it,’ Emsisoft threat analyst Brett Callow told Fast Company.
The Ransomwared pop-up reads ‘You are f—-d’ before continuing ‘Files are encrypted. Sow me your t-ts to decrypt it’.
In the following pop-up screen, it continues: ‘You are ransomwared! To recover your files, email us your t-ts to email@example.com’.
Sasha Grey, 31, is a famed former adult film actress who was named Female Performer of the Year at the American adult video industry AVN Awards in 2008, winning a total of 15 awards for her work between 2007 and 2010
She made her more mainstream feature film debut in 2009 in Steven Soderburgh’s movie ‘The Girlfriend Experience’ and appeared as a fictionalized version of herself in the TV show ‘Entourage’ after retiring from porn aged 21.
Actress Sasha Grey retired from porn aged 21 but is now being name dropped in new ransomware that demands explicit pictures of yourself in return for unlocking your files
The actress took a hit at the Russian fake news using her image in 2015 on Twitter
In 2015, the former extreme porn star also found herself as ‘Russian fake news’.
Her picture was used across VK (VKontakte), Russia’s answer to Facebook, claiming she was a nurse named Sasha Serova who died in battle between Ukrainian troops and pro-Russian separatists at the War of Donbas.
In response, she tweeted, ‘I love my Russian fans, but this propaganda takes it too far. News that I was a NURSE killed in the Russian/Ukraine conflict. #f–kpropoganda’.
Emsisoft shared pictures of various breeds of the bird named tit as it joked that the ransomware is not clear on exactly what they are asking for in the malware pop-up window
Cybersecurity company Emsisoft has developed a decryptor to release files from Ransomwared without the victim having to email any explicit photos of themselves
Emsisoft jokes that they are not certain whether the new Ransomwared threat actor ‘wants bodily parts or birds – but we suspect the former – and nor are we sure how the actor would know whether said bodily parts/birds actually belong to the victim’.
They continued the joke on Twitter, sharing a picture of a breed of the tit bird and writing: ‘To unlock files encrypted by. iwanttits, you don’t need to send bitcoin – just a photo of your t-ts. If you’d rather do that than use our decryptor, here’s a photo you can use.’
Nonetheless, so victims are not forced to send either, Emsisoft has released a new, free decryptor for Ransonwared that will release files without victims having to fulfill the ransom request.
This is not the first time that ransomware has asked for nude pics in return for decrypting files.
In 2017, a blocker named nRansom also locked users out of their computers and demanded ten explicit pictures be sent to an email address to return access.
The malware claimed that it could verify the pictures sent were of the victim before any access codes would be sent.