Threat Database Ransomware nRansom Ransomware

nRansom Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 2
First Seen: May 2, 2018
Last Seen: May 3, 2018
OS(es) Affected: Windows

The nRansom Ransomware is a Trojan that is meant to encrypt data and ask for a ransom in return for a decryption key. However, the nRansom Ransomware is a bogus ransomware threat. The nRansom Ransomware was first spotted back in 2018. It got in the spotlight thanks to the rather peculiar requests it issues to its victims. Instead of asking for cash, like the creators of most data-locking Trojans do, the authors of the nRansom Ransomware demand nude photos of the victim as a ransom fee.


It is not yet revealed what is the propagation method used in the distribution of the nRansom Ransomware. Many authors of ransomware threats tend to use fake emails to propagate their creations. Normally this would involve a bogus message and a macro-laced document that contains the corrupted code of the threat. Users are often coerced into opening the attached file as the attackers make it seem like it is a document that needs urgent reviewing. There are other commonly utilized infection vectors such as malvertising campaigns, fake updates, and downloads, pirated media and software, etc.


The creators of the nRansom Ransomware demand ten nude photos of the victim in exchange for a decryption key that is meant to recover the user’s files. The attackers instruct the user to send the pornographic material to their email account – ‘’ The attackers state that unless the victims give in to their demands, they will not get the needed decryption key to unlock their data. After the release of the nRansom Ransomware, cybersecurity experts spotted another variant of the threat named ‘nRansom Reborn Ransomware.’ The distributors of the nRansom Reborn Ransomware also demand nude photographs. However, instead of asking for ten photos of the victim, they demand fifteen nude photos. The distributors of the nRansom Reborn Ransomware have used a different email address – ‘’ After this, malware analysts detected another copy of the threat, which uses the ‘’ email address.

After looking into this threat deeper, malware researchers found that this ransomware threat is not capable of encrypting any data, despite its claims. The whole operation relies on a bluff. However, none of your files will be affected. Make sure you use a reputable anti-malware solution to remove the nRansom Ransomware from your computer safely.

Related Posts


Most Viewed