
Sexy Ransomware

By GoldSparrow in Ransomware

Despite its name, there is nothing sexy or attractive about the Sexy Ransomware. The Sexy Ransomware is designed to harm computer users by encrypting their files using a strong encryption algorithm. This is done to extort the computer users, demanding a ransom payment to release the affected files. The Sexy Ransomware was first released in November 2017 and seems to belong to the Globe Imposter 2.0 group of threats. The Sexy Ransomware and similar ransomware Trojans are typically delivered to victims through corrupted file attachments, often included in spam email messages disguised to look as if they were sent by a reputable sender.

The Sexy Ransomware will Focus on the User-Generated Files

The Sexy Ransomware receives its name because it marks the files encrypted by the attack with the file extension '.SEXY.' The Sexy Ransomware uses AES 256 encryption to make the victims' files inaccessible. This is a strong encryption method that cannot be cracked with current technology, so once the Sexy Ransomware encrypts the files, they will be inaccessible permanently. This means that prevention, particularly file backups, is key when dealing with ransomware Trojans like the Sexy Ransomware. The Sexy Ransomware will avoid the Windows system files and other essential files in its attack, and instead focus on user-generated files, such as media files and document files associated with commonly used software. Although this may seem less damaging, it is, in fact, these files that can prove to be irreplaceable if not backed up. The Sexy Ransomware also needs Windows to remain functional so that the victim can read the ransom note and pay the ransom. Some of the file types targeted in these attacks include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip

How the Sexy Ransomware Demands Its Ransom Payment

The Sexy Ransomware delivers an HTML file named 'how_to_back_files.html,' which it drops on the infected computer's desktop after encrypting the victim's files. Computer users are counseled not to pay the ransom since this supports these people's activities. The ransom note used by the Sexy Ransomware reads:

'YOUR FILES ARE ENCRYPTED!
TO DECRYPT, FOLLOW THE INSTRUCTIONS BELOW.
To recover data you need decryptor.
To get the decryptor you should:
Send 1 crypted test image or text file or document to sexy_chief@aol.com (Or alternative mail sexy_chief18@india.com)
In the letter include your personal ID (look at the beginning of this document).
We will give you the decrypted file and assign the price for decryption all files
After we send you instruction how to pay for decrypt and after payment you will receive a decryptor and
instructions We can decrypt one file in quality the evidence that we have the decoder.

Only sexy_chief@aol.com can decrypt your files
Do not trust anyone besides sexy_chief@aol.com
Antivirus programs can delete this document and you can not contact us later.
Attempts to self-decrypting files will result in the loss of your data
Decoders other users are not compatible with your data, because each user's unique encryption key'

A reputable security program should remove the Sexy Ransomware. However, this will not restore the affected files. To do this, file backups will be necessary.
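The two on-disk indicators described above, the '.SEXY' extension and the 'how_to_back_files.html' note, can be swept for when scoping an infection and deciding what to restore from backup. The script below is an added example, not part of the original article; the function names, the case-insensitive matching and the sample file tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_EXT = ".sexy"                 # extension from the article; case-insensitive match is an assumption
RANSOM_NOTE = "how_to_back_files.html"  # ransom note file name from the article

def sweep(root):
    """Walk root and collect files matching either indicator."""
    hits = {"encrypted": [], "notes": [], "by_dir": Counter(), "earliest": None}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = os.path.join(dirpath, name), name.lower()
            if lower == RANSOM_NOTE:
                hits["notes"].append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                hits["encrypted"].append(path)
                hits["by_dir"][dirpath] += 1
            else:
                continue
            try:
                mtime = os.lstat(path).st_mtime  # heuristic: approximates when the file was written
            except OSError:
                continue  # file vanished or unreadable; it is still counted above
            hits["earliest"] = mtime if hits["earliest"] is None else min(hits["earliest"], mtime)
    return hits

def report(hits):
    # Summary plus the five directories holding the most encrypted files.
    lines = [f"encrypted files: {len(hits['encrypted'])}", f"ransom notes: {len(hits['notes'])}"]
    if hits["earliest"] is not None:
        ts = datetime.fromtimestamp(hits["earliest"], tz=timezone.utc).isoformat()
        lines.append(f"earliest indicator mtime (UTC): {ts}")
    for directory, count in hits["by_dir"].most_common(5):
        lines.append(f"{count:6d}  {directory}")
    return "\n".join(lines)

def build_sample_tree(root):
    """Constructed sample data: empty files, only the names matter."""
    for rel in ("Desktop/how_to_back_files.html", "Documents/budget.xlsx.SEXY",
                "Documents/notes.txt", "Pictures/trip.jpg.sexy"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(report(sweep(tmp)))
```

On a real host, point `sweep()` at the user profile directories or a mounted image of the disk rather than the sample tree.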
