Sextortion Scam Now Includes Ransomware

Sextortion scams are known for been incredibly pervasive with the use of social engineering methods in an attempt to blackmail victims. These scams (for example "I am a spyware developer" or "I have bad news") often take the form of an email allegedly sent by a hacker which informs the victim that the hacker has compromised the victim’s computer and has managed to steal compromising information. This information, for example, may allegedly be of the victim watching pornography, is then threatened to be released within a time frame is the hacker does not receive a payment, usually in cryptocurrency, before the time deadline. Security researchers at Proofpoint have discovered such a campaign which ultimately leads to a ransomware infection as well. Researchers published their findings in an article which details how a sextortion campaign that also included URLs linking to AZORult stealer that ultimately led to infe...

.SYS Ransomware

.SYS ransomware is just another ransomware-type infection out there. Like most of them, it is designed to block the access to the files by encrypting them, and to keep them locked as long as ransom demands are not met. This ransomware was discovered by Michael Gillespie. Once the computer is infected and files are encrypted, .SYS replaces their extension with a 16 character hexadecimal string filename. For example, "1E857D004DFB70F474DFF1B265DAB864.SYS". Every encrypted file gets a different string. It also puts a ransom-demanding text file ("_HELP_INSTRUCTION.TXT") in each folder that contains any of the encrypted files. As stated in the "_HELP_INSTRUCTION.TXT" ransom note, .SYS ransomware has encrypted all data, in order to get more details its victims are encouraged to contact cyber criminals via all the provided email addresses: itprocessor@protonmail.com, pcambulance1@protonmail.com, leablossom@yandex...