Ransomware Wants You to Like and Subscribe, Or Else

Researchers have found a new type of ransomware that asks for YouTube subscriptions and comments rather than Bitcoin.

Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

Ransomware has become an endemic problem on the internet. There’s no day that goes by without headlines about a new attack where hackers are asking for hundreds of thousands of dollars, or even millions, after locking victims out of their computers and servers.

But a new type of ransomware is asking for something a bit different: subscriptions to a YouTube channel.

The ransomware was first spotted by MalwareHunterTeam, a group of independent cybersecurity researchers. 

An error occurred while retrieving the Tweet. It might have been deleted.

“HELLO ALL YOUR FILES HAVE BEEN LOCKED BY RANOMWARE [sic] BUT CALSE [SIC] YOU CAN ACCESS BAK WITH SUBSCRIBE MY CHANEL [sic] YOUTUBE,” read the message, which shows up on victims’ screens.

Allan Liska, a cybersecurity researcher at Recorded Future who specializes in tracking ransomware, told Motherboard in an online chat that the malware is real. He said he hasn’t analyzed it but has seen an independent analysis from another researcher in a private industry forum. Liska said that the ransomware “is a single machine ransomware, so it only hits one computer and doesn't spread.”

Advertisement

For now, the hackers don’t seem to have been very successful. The YouTube channel they ask victims to subscribe to has only 64 subscriptions at the time of writing. The channel features mostly hacking related videos featuring logos of little known hacking groups, and a couple of videos taken in what appears to be a school. 

In the message, the hackers call themselves the GHOST CYBER TEAM and claim to be from Indonesia. 

Do you have more information a ransomware gang or another type of ransomware? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wire/Wickr @lorenzofb, or email lorenzofb@vice.com.

It’s unclear if this ransomware is just a prank, or the work of some teenage hacker looking for attention. For what is worth, the ransomware sample found by MalwareHunterTeam is detected as malicious by several antivirus engines, according to VirusTotal, a malware repository.

This wouldn’t be the first time someone made ransomware that doesn’t ask for cryptocurrency. In 2017, someone made a ransomware that asked for nudes

“Your computer has been locked,” the message displayed to victims read. “After we reply, you must send at least 10 nude pictures of you. After that we will have to verify that the nudes belong to you.”

Subscribe to our new cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.

Tagged:

cybersecurity, hackers, CYBER, Infosec, ransomware, worldnews

More
like this
Hacker Advertises ‘Crappy’ Ransomware on Instagram
Ransomware Gang Hacks Costa Rica, Asks Residents to Overthrow the Government
Russian Ransomware Gang Says It Will Support Russian Government
People Are Getting Scam Texts From … Themselves
Hacker Steals Database of Hundreds of Verizon Employees
Hackers Compromise a String of NFT Discord Channels
Hackers Drain Wedding Cash From Couples’ Zola Registry Accounts
Hackers Took Control of Famous NFT Artist Beeple’s Twitter Account