
Sexy Ransomware

Posted: November 17, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 61
First Seen: July 6, 2021
OS(es) Affected: Windows

The Sexy Ransomware is a Trojan that blocks your files by encrypting them with a cipher. It follows the attack by dropping local Web pages that invite the user to open ransom negotiations to buy a decryptor for the locked media. Free decryption tools exist for some versions of the Globe Imposter Ransomware family and may recover files you lack backups for, although malware experts recommend attempting any data recovery only after removing the Sexy Ransomware with a reputable anti-malware application.

A Fake Globe Ransomware Arrives with Sex Appeal

Threat actors continue to profit from muddying the identities of the Trojans they distribute, as the ongoing activity of the Globe Imposter Ransomware family shows clearly. Members of this group make slight changes to their ransom messages, which lets different operators run entirely separate campaigns without rewriting any of the file-locking Trojan's code. Currently active versions of this family identified by malware experts include the ONI Ransomware, the Decoder Ransomware, the PSCrypt Ransomware and, newest of all, the Sexy Ransomware.

The Sexy Ransomware belongs to the smaller subset of these Trojans confirmed to be circulating against the public, conducting attacks that block files by encoding them with a cipher. This data-locking routine shows no interface to the PC's user while it runs; only close analysis of running processes in memory or automatic detection by appropriate security products is likely to catch the threat during this first stage.

During the analysis of the above activity, malware experts also noticed what may be another way of concealing the Sexy Ransomware's identity: it appends a '.sexy' extension to the names of the encrypted media. The Trojan shares this extension with the completely unrelated PayDay Ransomware, a variant of Utku Sen's Hidden Tear, so the extension alone cannot identify the family. Removing the extension does not undo the encoding that blocks your files, but the marker does help victims quickly identify which content is under attack.

Turning Down the Overtures of Encrypting Temptation

Since this Trojan is in the distribution stage of its campaign, users should anticipate being potential targets for its attacks, which usually involve breaching security through social engineering. Installation methods for the Sexy Ransomware may include e-mail attachments or links posing as legitimate downloads, unsafe advertisements disguised as updates for software such as your Web browser, and 'free' downloads on piracy-heavy file-sharing networks. Some threat actors also compromise a target's server by using brute-force software to 'guess' the correct login credentials, after which they can install and run any threatening software of their choice.

The Sexy Ransomware creates HTML-based ransom notes that offer a free 'sample' of the cybercrook's file-unlocking application along with instructions for negotiating payment for further decryption. Paying is always a high-risk transaction that may not yield a complete or correct restoration of your media. Keep secure backups of any files you consider important and use anti-malware products to delete the Sexy Ransomware from any compromised PC as soon as possible.
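A first-contact triage script covering the two indicators described above, the '.sexy' extension and the HTML ransom notes. This is an added example written for this page, not code from the original article or from any analysis of the Trojan itself. The entropy threshold used to tell a genuinely encrypted file from one that was merely renamed, the markup-based detection of notes, and every sample filename and content are assumptions: the page gives no ransom note filename or body text, so the HTML file below is a constructed stand-in.

```python
import math
import os
import tempfile
from pathlib import Path

# Extension the page reports on this family's encrypted files.
RANSOM_EXT = ".sexy"
# Heuristic threshold (assumption): ciphertext approaches 8 bits of entropy
# per byte, while plain text and most documents sit well below 7.
ENTROPY_THRESHOLD = 7.0
SAMPLE_BYTES = 4096


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the supplied sample."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def looks_like_html_note(path: Path) -> bool:
    """Heuristic: the page only says the notes are HTML, so match on markup
    rather than on a filename or wording the page never gives."""
    try:
        head = path.read_bytes()[:SAMPLE_BYTES].lower()
    except OSError:
        return False
    return b"<html" in head or b"<!doctype html" in head


def triage_directory(root) -> dict:
    """Inventory a tree: which files carry the ransom extension, which of
    those actually look encrypted (renaming alone leaves content untouched,
    so extension and content must be checked separately), and where any
    HTML ransom notes sit."""
    root = Path(root)
    report = {"encrypted": [], "renamed_only": [], "html_notes": []}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.suffix == RANSOM_EXT:
            sample = path.read_bytes()[:SAMPLE_BYTES]
            bucket = "encrypted" if shannon_entropy(sample) >= ENTROPY_THRESHOLD else "renamed_only"
            report[bucket].append(rel)
        elif looks_like_html_note(path):
            report["html_notes"].append(rel)
    for key in report:
        report[key].sort()
    return report


def build_constructed_sample(root) -> None:
    """Constructed fixture, not real ransomware output: random bytes standing
    in for a ciphertext, a plain-text file merely renamed, an untouched
    document, and an HTML page with an invented name playing the note."""
    docs = Path(root) / "docs"
    docs.mkdir(parents=True, exist_ok=True)
    (docs / "report.docx.sexy").write_bytes(os.urandom(SAMPLE_BYTES))
    (docs / "notes.txt.sexy").write_bytes(b"plain text, only renamed\n" * 100)
    (docs / "untouched.txt").write_bytes(b"nothing happened here\n")
    (docs / "ransom_note_example.html").write_bytes(
        b"<html><body>Files encrypted. Send one file for a free test decryption.</body></html>"
    )


def run_demo() -> dict:
    """Build the constructed sample in a temporary directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        return triage_directory(tmp)


if __name__ == "__main__":
    for bucket, files in run_demo().items():
        print(f"{bucket}: {files}")
```

Because the '.sexy' extension is shared with an unrelated Hidden Tear variant, the report is only an inventory of what was touched; confirming the family still requires the note's wording and a sample of the encrypted files, which is also what the public decryptors need as input.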

The growth of masquerading Trojan families like the one the Sexy Ransomware belongs to concerns both malware experts and any Web-surfing PC user. Trojans that present multiple false flags as symptoms make it increasingly difficult to confirm the appropriate decryption tool and raise the value of preemptive security practices.
