{"id":9299,"date":"2017-09-22T19:19:53","date_gmt":"2017-09-22T15:19:53","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=9299"},"modified":"2019-11-15T15:23:46","modified_gmt":"2019-11-15T11:23:46","slug":"nransom-nude-ransomware","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/nransom-nude-ransomware\/9299\/","title":{"rendered":"NRansom: Ransomware that demands your nudes"},"content":{"rendered":"<p>Ransomware has been called the scourge of the Internet for quite a while. It\u2019s really one of the twenty-first century\u2019s main cyberthreats, and recently it has taken \u2026 quite a turn. Researchers from MalwareHunterTeam have <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/yw3w47\/this-ransomware-demands-nudes-instead-of-bitcoin\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">discovered<\/a> a new strain of <a href=\"https:\/\/securelist.com\/threats\/ransomware-glossary\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ransomware<\/a>, called nRansom, that blocks victims\u2019 computers, but instead of requiring money to unlock the computer, it demands nude photos.<\/p>\n<p>This ransomware seems to be not a cryptor, but rather a <a href=\"https:\/\/www.kaspersky.com\/blog\/ransomware-blocker-to-cryptor\/12435\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">blocker<\/a>, which means that in case of infection it doesn\u2019t encrypt your files, but simply blocks access to your computer. The ransom note that appears on the screen informs victims that the only way to get back access to their computers is to send the aforementioned pictures: ten of them, nude, and demonstrably of the victims.<\/p>\n<p>They state that they will somehow verify those nudes really belong to the victim before sending the code that unlocks the computer.<\/p>\n<p>https:\/\/twitter.com\/malwrhunterteam\/status\/910952333084971008<\/p>\n<p>At this point, nRansom has been seen only as a file called nRansom.exe, which means it affects only Windows users.<\/p>\n<p>We can only speculate on what the criminals are planning to do with any photos they manage to get. They\u2019ll probably use the pictures to shame the victims and extort either more nudes or money.<\/p>\n<p>As always, we advise you not to pay the ransom if your computer gets infected. The word \u201cpay\u201d in this case is as legitimate as in any other; private information is no less payment than money.<\/p>\n<p>Kaspersky Internet Security detects nRansom as Trojan-Ransom.MSIL.Agent.zz and neutralizes it right away. In case the blocker has somehow sneaked onto your PC, you can unblock the computer by pressing Ctrl + Alt + Shift + F4 simultaneously. It\u2019s necessary to run a full scan of your system after that. You can <a href=\"https:\/\/support.kaspersky.com\/12093#block2\" target=\"_blank\" rel=\"noopener noreferrer\">read more about that here<\/a>.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kis-trial-ransomware\">\n<p>That technique is available in all of our flagship security solutions, and it works against all blockers, in case they somehow get onto your computer. However, if you always keep protection running, that scenario is highly unlikely; <a href=\"https:\/\/store.kaspersky.com\/store\/kaspersk\/en_IE\/buy\/productID.320853100\/quantity.1\/Currency.USD?cid=gl_socmed_pro_ona_smm__onl_b2c_kasperskydaily_lnk____kismd___&amp;affiliate=gl_socmed_pro_ona_smm__onl_b2c_kasperskydaily_lnk____kismd___\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Kaspersky Internet Security<\/a> neutralizes almost all ransomware species before they can do anything at all, and any that manage to sneak in under the radar are detected by System Watcher when they attempt to do anything malicious.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new blocker called nRansom locks users out of their computers and demands not money, but nude pictures.<\/p>\n","protected":false},"author":696,"featured_media":9298,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,1486],"tags":[1477,1478,1476,1479,1480,433],"class_list":{"0":"post-9299","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-blocker","10":"tag-locker","11":"tag-nransom","12":"tag-nude-photos","13":"tag-nude-pictures","14":"tag-ransomware"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/nransom-nude-ransomware\/9299\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/nransom-nude-ransomware\/11246\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/nransom-nude-ransomware\/5007\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/nransom-nude-ransomware\/12799\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/nransom-nude-ransomware\/11798\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/nransom-nude-ransomware\/11312\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/nransom-nude-ransomware\/14483\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/nransom-nude-ransomware\/14269\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/nransom-nude-ransomware\/18904\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/nransom-nude-ransomware\/4199\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/nransom-nude-ransomware\/18597\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/nransom-nude-ransomware\/8236\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/nransom-nude-ransomware\/14642\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/nransom-nude-ransomware\/8641\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/nransom-nude-ransomware\/17993\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/nransom-nude-ransomware\/17876\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/nransom-nude-ransomware\/17866\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/ransomware\/","name":"ransomware"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/9299","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/696"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=9299"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/9299\/revisions"}],"predecessor-version":[{"id":14810,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/9299\/revisions\/14810"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/9298"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=9299"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=9299"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=9299"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}