Security researchers have detected a number of malicious adult websites pushing fake ransomware that is, in reality, a data wiper.
Adult Websites Pushing a Fake Ransomware
Instead of encrypting the victim’s data, the ransomware acts as a wiper, attempting to delete nearly all data found on the compromised device.
The websites promoted nude photos, and were hosted on domains such as nude-girlss.mywire[.]org, sexyphotos.kozow[.]com, and sexy-photo[.]online.
“The link of this website may be available on dating websites that redirect the user to download the fake ransomware after opening it. The downloaded executable file has a double extension i.e. SexyPhotos.JPG.exe and masquerading as an image file as shown below,” said Cyble researchers. These websites prompt potential victims to download and run the said executable.
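A defender-side check for the double-extension trick described above, as an added example that is not from Cyble or the original article: it flags file names in which an executable extension follows a content extension. The extension lists and every sample name other than SexyPhotos.JPG.exe are constructed, and the handling of whitespace padding and trailing dots goes beyond the single case the article shows.

```python
import ntpath

# Extensions Windows runs on double-click (constructed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs", ".lnk"}
# Extensions users expect to be passive content (constructed, non-exhaustive list).
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt", ".mp4"}


def split_exts(filename):
    """Return (stem, decoy_ext, final_ext) for the last two extensions, lowercased."""
    # Windows ignores trailing dots and spaces in file names, so normalise first.
    name = ntpath.basename(filename).rstrip(". ")
    stem, final_ext = ntpath.splitext(name)
    # Spaces between the decoy and the real extension push the latter out of
    # view in narrow file-name columns, so strip them before the second split.
    stem, decoy_ext = ntpath.splitext(stem.rstrip())
    return stem, decoy_ext.lower(), final_ext.lower()


def is_double_extension(filename):
    """True when an executable extension follows a decoy content extension."""
    _, decoy_ext, final_ext = split_exts(filename)
    return decoy_ext in DECOY_EXTS and final_ext in EXECUTABLE_EXTS


def flag_suspicious(filenames):
    """Return the names that match the double-extension pattern, in input order."""
    return [name for name in filenames if is_double_extension(name)]


if __name__ == "__main__":
    # Constructed sample names; only the first comes from the article.
    samples = [
        "SexyPhotos.JPG.exe",
        r"C:\Users\a\Downloads\invoice.pdf      .scr",
        "holiday.jpg",
        "setup.exe",
        "archive.tar.gz",
        "report.docx.exe. ",
    ]
    for name in flag_suspicious(samples):
        print("suspicious:", name)
```

The same comparison can be applied to download logs, mail attachment names, or process-creation events, wherever a file name is recorded before the user opens it.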
As already mentioned, the malware poses as ordinary ransomware but doesn’t encrypt any files. It does, however, display a false notice claiming that the files are encrypted and demands a ransom for their alleged decryption.
Cyble researchers pointed out that they “are not sure about the authenticity of the decryptor if the ransom is paid.” Notably, even if a decryption tool is provided, renaming the files to their original filenames is not possible, as the malware doesn’t store those names anywhere during the infection.
In conclusion, the malware isn’t ransomware but was intended to look like it, using fake encryption as a decoy while deleting almost all data on compromised systems.