What happens when ‘ransomware’ meets ‘crazy’?

To start with, weird, no make that really weird, messages, ransoms, and insults, yes insults, happen. And on that note, in honor of National Cyber Security Awareness Month, today’s post looks at some of the craziest ransomware that we’ve seen to date, starting with the Nemty ransomware attack, named for the file name extension it adds to files following its encryption process.

After the encryption process is complete, Nemty sends a note informing its victims that the hackers hold the encryption key to their encrypted data and that the data is recoverable for a price. Victims are then given a link to a portal to pay the ransom fee as well as a link to another website with a chat function and more information about the hacker’s demands.

Till now, this is all pretty standard ransomware behavior. What’s crazy about Nemty is that it contains the word ‘hate’ in the mutex object, which is used by hackers to avoid reinfecting the same system as well as to take control of the host’s resources. Even more odd, though, is that the Nemty code also contains a link to an image of Vladimir Putin with a caption that reads “I added you to the list of [insult], but only with pencil for now”. Researchers later also found out that this odd bit of code was meant to send a direct message to the antivirus industry.

Jigsaw and Cerber

Next up on the ‘crazy meter’, and probably the ‘creepy meter’ as well, is the Jigsaw ransomware, which was released in 2016. Jigsaw was given the Jigsaw moniker because of the popup image of “Billy the Puppet” from the horror film “Saw” that appears once Jigsaw infects the user’s system and encrypts his files. Jigsaw first encrypts the victim’s files, and then starts deleting them, and continues to delete them until a ransom fee is paid.

Its creepiness level is on a par with Cerber ransomware. Cerber is a whole new level of ransomware as it’s actually ransomware as a service (RaaS). Yes, you read correctly; the attacker “licenses” the ransomware over the Internet and splits the ransom with the developer.

Cyber criminals can sign up to be Cerber affiliates and then deliver the ransomware to their heart’s content as long as they pay a 40% cut of the ransom to the developer. Everybody is happy… except, of course, the victim.

However, the licensing aspect isn’t the weird part. What’s weird is that this ransomware talks! One of the ransom notes that it sends contains a script that causes the computer to play a voice message that repeatedly says “Attention! Your documents, photos, databases and other important files have been encrypted!” Imagine sitting down with a cup of coffee, turning on your computer and hearing that message!

Popcorn Time

And then there’s Popcorn Time ransomware (not related to the BitTorrent platform for free video streaming), which, like any proper ransomware, encrypts the contents of your computer so you can’t access them unless you pay a ransom fee. The ransom fee? Either pay up in Bitcoin, approximately $770 worth at the time Popcorn Time was first launched, or infect two other people with Popcorn Time.

The second option, to infect two other people, is called the ‘nasty way’ in the ransomware message that Popcorn Time sends. The message says that if the victim sends the malicious link on to two other people and those two people install the file and pay, the original victim gets his files back without paying the ransom. This truly is a nasty option because it manages to both turn users against each other and make the users who choose this option cyber criminals themselves.

Final thoughts

Reading about odd ransomware attacks might pique our curiosity and make us wonder why in the world some ransomware writers thought it wasn’t enough to make their ransomware malicious, so they had to make it crazy too, but it shouldn’t distract us from the real problem: the serious and imminent threat to our privacy posed by ransomware.

Ransomware is the fastest growing type of cyber crime, achieving epidemic proportions around the globe and quickly becoming the go-to method of cyber attacks for hackers. One of the reasons for the spike in ransomware is that companies often find it more expedient and cost effective to just pay the ransom fee to get their data back. Taking this approach, however, has created an untenable trajectory, encouraging attacks that are increasingly ambitious, widespread, and costly.

As long as cyber criminals continue to benefit from encrypting data and restricting users from accessing it, they will continue to create and send ransomware to infect systems. Seriously, if you haven’t already, it’s time you got ransomware protection.
