nRansom Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 2
First Seen: May 2, 2018
Last Seen: May 3, 2018
OS(es) Affected: Windows
The nRansom Ransomware is a Trojan that presents itself as a threat that encrypts data and asks for a ransom in return for a decryption key. However, the nRansom Ransomware is a bogus ransomware threat. It was first spotted in 2018 and got into the spotlight thanks to the rather peculiar requests it issues to its victims. Instead of asking for cash, as the creators of most data-locking Trojans do, the authors of the nRansom Ransomware demand nude photos of the victim as a ransom fee.
Propagation
The propagation method used to distribute the nRansom Ransomware has not yet been revealed. Many authors of ransomware threats use fake emails to propagate their creations. Normally, this involves a bogus message and a macro-laced document that contains the corrupted code of the threat. Users are often coerced into opening the attached file because the attackers make it seem like a document that needs urgent review. Other commonly used infection vectors include malvertising campaigns, fake updates and downloads, and pirated media and software.
Demands
The creators of the nRansom Ransomware demand ten nude photos of the victim in exchange for a decryption key that is meant to recover the user’s files. The attackers instruct the user to send the pornographic material to their email address, ‘1_kill_yourself_1@protonmail.com’. The attackers state that unless the victims give in to their demands, they will not get the decryption key needed to unlock their data.
After the release of the nRansom Ransomware, cybersecurity experts spotted another variant of the threat named ‘nRansom Reborn Ransomware’. The distributors of the nRansom Reborn Ransomware also demand nude photographs, but instead of ten photos of the victim, they demand fifteen. They also use a different email address, ‘die_yourself@protonmail.com’. After this, malware analysts detected another copy of the threat, which uses the ‘2_kill_yourself@india.com’ email address.
After looking deeper into this threat, malware researchers found that it is not capable of encrypting any data, despite its claims. The whole operation relies on a bluff, and none of your files will be affected. Make sure you use a reputable anti-malware solution to remove the nRansom Ransomware from your computer safely.