PornBlackmailer Ransomware

PornBlackmailer Ransomware Description

The PornBlackmailer Ransomware is a threat infection that is used to blackmail computer users. The PornBlackmailer Ransomware has been distributed to computer users downloading pornographic video clips from xvideos, a popular pornographic website. The PornBlackmailer Ransomware attack is simple, and typical of police ransomware Trojans, a category of threats that threaten to report the victim to the police or impersonate a message from the police in its attack. The PornBlackmailer Ransomware displays a screenshot of the victim's computer's desktop and displays a threatening message.

The PornBlackmailer Ransomware and Its Scary Threat

Computer users first reported the PornBlackmailer Ransomware attack through Reddit, asking for advice on how to remove the PornBlackmailer Ransomware Trojan. These threats do not encrypt the victim's files, unlike most ransomware Trojans active today. Instead, the PornBlackmailer Ransomware will display a note with a ransom demand, blackmailing the victim after the victim's computer starts up. The PornBlackmailer Ransomware is a simple tactic that relies on scaring the victims, rather than any advanced technology in the attack. The PornBlackmailer Ransomware is not capable of encrypting the victims' files. The PornBlackmailer Ransomware is also not capable of communicating with a remote server. The extortion message that the PornBlackmailer Ransomware displays on the infected computer reads:

'This is not joke! Your data will indeed be sent to POLICE departments with help of email if you do not send 0.01 BTC. All process is fully automatic. Believe me, these pennies do not cost 1 or more years in jail.
-->> Send 0.01 BTC to this address 1LoUuj2EkqSiP5U1ejw8KR56dfopgSJuw4 (specially generated for you) -->> Send 0.01 BTC to this address 1LoUuj2EkqSiP5U1ejw8KR56dfopgSJuw4 (specially generated for you) -->> Send 0.01 BTC to this address 1LoUuj2EkqSiP5U1ejw8KR56dfopgSJuw4 (specially generated for you)
If you do not pay, then tomorrow at exactly 2:56:15 AM o'clock your data will be automatically sent to the police emails and posted to public forums. If you don't know how to buy bitcoin, just type to google "How to buy bitcoins?".
The script on the server will automatically delete your data after the payment is received on the wallet.'

One aspect of the PornBlackmailer Ransomware that has caught the attention of PC security researchers is that it seems capable of avoiding various anti-malware programs commonly used today. It is likely that PC security researchers will update anti-virus software with capabilities to remove the PornBlackmailer Ransomware and similar threats if they didn't do so already.

Further Information about a PornBlackmailer Ransomware Attack

PC security researchers have found three variants of the PornBlackmailer Ransomware, with the first of these having been uploaded to the pornographic website in question on January 8, 2018. As soon as the PornBlackmailer Ransomware is installed on the victim's computer, the PornBlackmailer Ransomware will create a directory on the victim's computer that includes information such as the victim's browser history and four different screenshots of the infected PC's desktop. The PornBlackmailer Ransomware also will gather information about the infected computer, which may include the computer and account name and IP and MAC address. The PornBlackmailer Ransomware saves this information in a text file named 'your_information.txt.' The PornBlackmailer Ransomware also will attempt to create an image of the victim's location using Google Maps, saving this image in a file named 'your_location.jpg.' The PornBlackmailer Ransomware lists the affected browser's cookie files, saving it in a different directory. Finally, the PornBlackmailer Ransomware generates text files named 'READ_ME.txt,' which contain the PornBlackmailer Ransomware's threatening message. Computer users visiting the pornographic websites that are affected by the PornBlackmailer Ransomware may believe its claims of having been 'caught in the act.' The PornBlackmailer Ransomware will accuse them of viewing pornographic images and videos involving children, and demand a large ransom by threatening to report the victims to the police and send them to jail. Inexperienced computer users, who may not have experience with ransomware and extortionware, may believe these claims and be tempted to pay the PornBlackmailer Ransomware ransom amount.

Technical Information

File System Details

PornBlackmailer Ransomware creates the following file(s):
# File Name Size MD5 Detection Count
1 C:\Users\user\AppData\Roaming\temps.exe 573,952 eff93c4f284e5021d26010949276943f 2
2 file.exe 657,408 2c1ffe8e1e51b0d6780ef1f0f83acf69 0
More files

Registry Details

PornBlackmailer Ransomware creates the following registry entry or registry entries:
Regexp file mask

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

HTML is not allowed.