Image: 10'000 Hours/GettyImages
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.
Advertisement
“HELLO ALL YOUR FILES HAVE BEEN LOCKED BY RANOMWARE [sic] BUT CALSE [SIC] YOU CAN ACCESS BAK WITH SUBSCRIBE MY CHANEL [sic] YOUTUBE,” read the message, which shows up on victims’ screens.Allan Liska, a cybersecurity researcher at Recorded Future who specializes in tracking ransomware, told Motherboard in an online chat that the malware is real. He said he hasn’t analyzed it but has seen an independent analysis from another researcher in a private industry forum. Liska said that the ransomware “is a single machine ransomware, so it only hits one computer and doesn't spread.”For now, the hackers don’t seem to have been very successful. The YouTube channel they ask victims to subscribe to has only 64 subscriptions at the time of writing. The channel features mostly hacking related videos featuring logos of little known hacking groups, and a couple of videos taken in what appears to be a school. In the message, the hackers call themselves the GHOST CYBER TEAM and claim to be from Indonesia.
It’s unclear if this ransomware is just a prank, or the work of some teenage hacker looking for attention. For what is worth, the ransomware sample found by MalwareHunterTeam is detected as malicious by several antivirus engines, according to VirusTotal, a malware repository.This wouldn’t be the first time someone made ransomware that doesn’t ask for cryptocurrency. In 2017, someone made a ransomware that asked for nudes“Your computer has been locked,” the message displayed to victims read. “After we reply, you must send at least 10 nude pictures of you. After that we will have to verify that the nudes belong to you.”Subscribe to our new cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.Do you have more information a ransomware gang or another type of ransomware? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wire/Wickr @lorenzofb, or email lorenzofb@vice.com.