PornBlackmailer Ransomware

The PornBlackmailer Ransomware is a Trojan that tries to blackmail the users by generating screenshots and recording their Web-browsing activity. Although these features often are associated with spyware, the PornBlackmailer Ransomware has no features related to collecting your data, and, instead, uses the gathered information as part of its ransom-negotiating process. Have your anti-malware products block or remove the PornBlackmailer Ransomware, as appropriate, and ignore its law enforcement-themed alerts, which have no legal backing in any country.

Trojans Watching What You Do with Their Hands Held Out

Although today's ransom-based Trojan industry focuses itself on the possibilities of holding media hostage by encrypting it, that attack hasn't been a universal trait throughout the threat industry's history. Malware experts associate old states of the industry with 'screen-locker' Trojans that make a living by generating disingenuous pop-up warnings. Now, at the start of 2018, at least one Trojan, the PornBlackmailer Ransomware, is calling back to that old philosophy of attack, but with modern enhancements.

The PornBlackmailer Ransomware's campaign has close associations with compromised content on pornographic websites, which provide synergy with the theme of its payload. Victims that run the 'screensaver' SCR file will, at first, notice no changes. However, the PornBlackmailer Ransomware takes multiple screenshots of the user's desktop and collects various details about the PC, such as its IP address-based location and any recent Web-browsing history automatically. Unlike most threats with similar features, malware experts can't confirm any network activity for implying that this Trojan is transferring this data to a third-party or a remote server, which means that the PornBlackmailer Ransomware isn't spyware.

Instead of undergoing the usual uploading of the collected data, the PornBlackmailer Ransomware uses its information for crafting various image and text files as 'evidence' against the victim's pornographic activities. It then delivers a ransom message, similar to those of a file-locking Trojan. However, instead of encrypting any content, the PornBlackmailer Ransomware claims that it has caught the user viewing underage erotica and threatens to turn the supposed evidence over to the police or FBI. It asks for a Bitcoin payment for averting this penalty.

Why there's No Shame in Unusual Pop-Up Warnings

The PornBlackmailer Ransomware goes to great lengths to gather and exploit information that could cause embarrassment, fear, or panic in its victims. However, the PornBlackmailer Ransomware has no law enforcement-related associations or internal features associated with its threats regarding non-paying users. The Trojan also generates its alerts without any attempt to verify forbidden activity on the user's part, and one can ignore its ransom demands without incurring any penalties.

Because the PornBlackmailer Ransomware's payload is so tightly-bound to the Web-browsing behavior of its victims, its campaign appears to utilize adult websites for circulatory purposes solely. While browsing the Web, you can protect yourself from possible attempts to infect your PC by blocking Java, JavaScript, Flash, pop-ups, and advertising content, in general. Malware experts are only seeing delivery methods that require the user to launch the PornBlackmailer Ransomware's SCR installer manually, although it may bundle itself with other downloads. Anti-malware programs should be capable of identifying and deleting the PornBlackmailer Ransomware in either a pre or post-installation context.

Sexuality is a potent lever for any con artist to pull when it's available. However, cultural shame over one's Web-browsing history never should lead to paying a cybercrook like the PornBlackmailer Ransomware's hoax-happy creator.