Attackers push data wipers disguised as ransomware on adult websites

Share post:

Threat intelligence firm Cyble has reported a malicious campaign in which threat actors spread data wipers disguised as ransomware on adult websites.

The attackers use host names that indicate that they were offering nude photos, such as nude-girlss.mywire[.]org, sexyphotos.kozow[.]com and sexy-photo[.]online.

Cyble explained that the sites would ask users to download an executable file called SexyPhotos.JPG.exe, which embodies a JPG image. Once launched, the fake ransomware drops four executables (del.exe, open.exe, windll.exe, and windowss.exe) and a batch file (avtstart.bat) in the user’s %temp% directory and executes them.

While the batch file copies all four executables to the Windows Startup folder, “windowss.exe” is executed to drop three additional files, including “windows.bat,” which performs the renaming.

Based on investigations, the researchers discovered that the malware is not a ransomware, but a malware designed to use the fake encryption as a decoy while deleting almost all files on a user’s drive.

Should users be infected with the malware, it is best that they bring their operating system back to a previous state, since the fake ransomware doesn’t delete shadow copies. It is also important that users perform regular backups.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, Week in Review for week ending Friday, Feb. 23, 2024

This episode features discussion on the takedown of the LockBit ransomware gang

Breaking news: RCMP facing ‘alarming’ cyber attack

The RCMP is facing a serious cyber attack from an unspecified threat actor. The Mounties told CBC News today that a “breach of this magnitude is alarming.” “The situation is evolving quickly but at this time, there is no impact on RCMP operations and no known threat to the safety and security of Canadians,” a spokesperson

Leaked documents may show the inside of China’s hacking strategy

Documents apparently stolen by disgruntled employees to embarrass their firm may give insight into China's cyber

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways