PornBlackmailer Ransomware
Posted: January 30, 2018
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 40 |
| First Seen: | November 9, 2023 |
| OS(es) Affected: | Windows |
The PornBlackmailer Ransomware is a Trojan that tries to blackmail users by taking screenshots and recording their Web-browsing activity. Although these features are often associated with spyware, the PornBlackmailer Ransomware has no features for sending the data it gathers to anyone else and, instead, uses the information as part of its ransom-negotiating process. Have your anti-malware products block or remove the PornBlackmailer Ransomware, as appropriate, and ignore its law enforcement-themed alerts, which have no legal backing in any country.
Trojans Watching What You Do with Their Hands Held Out
Although today's ransom-based Trojan industry focuses on holding media hostage by encrypting it, that attack hasn't been a universal trait throughout the threat industry's history. Malware experts associate earlier stages of the industry with 'screen-locker' Trojans that make a living by generating disingenuous pop-up warnings. Now, at the start of 2018, at least one Trojan, the PornBlackmailer Ransomware, is calling back to that old philosophy of attack, but with modern enhancements.
The PornBlackmailer Ransomware's campaign has close associations with compromised content on pornographic websites, which provide synergy with the theme of its payload. Victims that run the 'screensaver' SCR file will, at first, notice no changes. However, the PornBlackmailer Ransomware automatically takes multiple screenshots of the user's desktop and collects various details about the PC, such as its IP address-based location and any recent Web-browsing history. Unlike most threats with similar features, malware experts can't confirm any network activity implying that this Trojan is transferring this data to a third party or a remote server, which means that the PornBlackmailer Ransomware isn't spyware.
Instead of undergoing the usual uploading of the collected data, the PornBlackmailer Ransomware uses its information for crafting various image and text files as 'evidence' against the victim's pornographic activities. It then delivers a ransom message, similar to those of a file-locking Trojan. However, instead of encrypting any content, the PornBlackmailer Ransomware claims that it has caught the user viewing underage erotica and threatens to turn the supposed evidence over to the police or FBI. It asks for a Bitcoin payment for averting this penalty.
Why there's No Shame in Unusual Pop-Up Warnings
The PornBlackmailer Ransomware goes to great lengths to gather and exploit information that could cause embarrassment, fear, or panic in its victims. However, the PornBlackmailer Ransomware has no law enforcement-related associations and no internal features for carrying out its threats against non-paying users. The Trojan also generates its alerts without any attempt to verify forbidden activity on the user's part, and one can ignore its ransom demands without incurring any penalties.
Because the PornBlackmailer Ransomware's payload is so tightly bound to the Web-browsing behavior of its victims, its campaign appears to use adult websites as its sole means of distribution. While browsing the Web, you can protect yourself from possible attempts to infect your PC by blocking Java, JavaScript, Flash, pop-ups, and advertising content, in general. Malware experts are only seeing delivery methods that require the user to launch the PornBlackmailer Ransomware's SCR installer manually, although it may bundle itself with other downloads. Anti-malware programs should be capable of identifying and deleting the PornBlackmailer Ransomware either before or after installation.
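A triage check for the SCR delivery method described above, added here as an example and not taken from the original write-up or any vendor tooling: a Windows screensaver (.scr) file is an ordinary PE executable, so this sketch walks a folder such as a downloads directory and reports .scr files that carry a valid PE header. The double-extension flag (for example `clip.mp4.scr`) goes beyond what the page states and is an assumption about how such files may be disguised; all file names and the sample bytes are constructed.

```python
import os
import struct
import tempfile

# Constructed sample: smallest byte layout carrying the DOS "MZ" magic and a
# "PE\0\0" signature at the offset stored in e_lfanew (0x3C). Not real malware.
SAMPLE_PE_STUB = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"

def is_pe_executable(path):
    """Return True if the file has an MZ header and a PE signature."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(0x40)
            if len(head) < 0x40 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            fh.seek(e_lfanew)
            return fh.read(4) == b"PE\x00\x00"
    except OSError:
        return False  # unreadable files are skipped, not treated as hits

def find_suspect_screensavers(root):
    """List (path, double_extension) for .scr files under root that are PE files.

    double_extension is True for names like 'clip.mp4.scr' (assumed disguise).
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".scr"):
                continue
            full = os.path.join(dirpath, name)
            if is_pe_executable(full):
                hits.append((full, "." in name[:-4]))
    return sorted(hits)

def demo():
    """Scan a constructed directory and return the flagged base names."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in [("clip.mp4.scr", SAMPLE_PE_STUB),
                           ("bubbles.scr", SAMPLE_PE_STUB),
                           ("notes.scr", b"plain text, not a program"),
                           ("photo.jpg", SAMPLE_PE_STUB)]:
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), d) for p, d in find_suspect_screensavers(tmp)]

if __name__ == "__main__":
    print(demo())
```

Any .scr file found in a user-writable folder deserves a scan before it is opened, since legitimate screensavers normally live in the Windows system directory.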
Sexuality is a potent lever for any con artist to pull when it's available. However, cultural shame over one's Web-browsing history never should lead to paying a cybercrook like the PornBlackmailer Ransomware's hoax-happy creator.