
Sext Ransomware

Posted: November 12, 2020

The Sext Ransomware is a file-locking Trojan that's a variant of the Bondy Ransomware family. All previous features remain in evidence in this update, including blocking files with encryption and holding them hostage for ransoms. Users should back their work up to secure storage devices to prevent this extortion and let their preferred anti-malware and security services identify and remove the Sext Ransomware.

A Little License for Innuendo in Another Trojan Update

One more member of the Bondy Ransomware family arrives to keep the Connect Ransomware company, albeit with a possibly more meaningful name attached to it. The Sext Ransomware, bearing the slang term that usually refers to erotic text messaging, is an otherwise typical variant of the Bondy Ransomware group. While it is still threatening, it uses copy-pasted content for its warnings and attacks, with a bare minimum of updates to specifics like the ransom wallet and e-mail addresses.

Feature-wise, the Sext Ransomware is a concern for Windows users thanks to its encryption routine, which blocks media files like spreadsheets, images, archives, music or documents. Besides blocking files in this stereotypical manner, the Sext Ransomware also bypasses the UAC security feature and deletes the Restore Point or Shadow Copy backups. As an element unique to its campaign, the .NET Framework Trojan adds a 'sext' extension onto files' names but doesn't remove any previous extensions (for example, 'picture.bmp' becomes 'picture.bmp.sext').
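Because the Trojan only appends '.sext' and leaves the real extension in place, a responder can recover the original file names from a directory listing and scope the restore-from-backup effort by file type. The following triage helper is an added example written for this article, not code from the original post or from the malware; the sample paths are constructed, and '.sext' is the only fact about the naming scheme it relies on.

```python
import ntpath
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Extension the Sext Ransomware appends. The original extension stays in
# place (the article's example: 'picture.bmp' -> 'picture.bmp.sext').
SEXT_EXT = ".sext"


def original_name(path: str) -> Optional[str]:
    """Return the pre-encryption path for a Sext-renamed file, else None.

    Only the trailing '.sext' is stripped; everything before it, including
    the real extension, is kept because the Trojan does not remove it.
    A file named just '.sext' has no recoverable original name.
    """
    head, tail = ntpath.split(path)
    if not tail.lower().endswith(SEXT_EXT) or len(tail) == len(SEXT_EXT):
        return None
    return ntpath.join(head, tail[: -len(SEXT_EXT)])


def triage(paths: List[str]) -> Tuple[List[Tuple[str, str]], Dict[str, int]]:
    """Map each affected file to its original name and count hits by the
    original extension so recovery from backup can be planned per file type."""
    affected: List[Tuple[str, str]] = []
    by_type: Counter = Counter()
    for p in paths:
        orig = original_name(p)
        if orig is None:
            continue
        affected.append((p, orig))
        ext = ntpath.splitext(orig)[1].lower() or "(no extension)"
        by_type[ext] += 1
    return affected, dict(by_type)


# Constructed sample listing for demonstration, not data from a real infection.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\budget.xlsx.sext",
    r"C:\Users\alice\Pictures\picture.bmp.sext",
    r"C:\Users\alice\Music\track01.mp3.sext",
    r"C:\Users\alice\Documents\notes.txt",      # untouched file
    r"C:\Users\alice\Desktop\README.sext",       # originally had no extension
    r"C:\Windows\System32\kernel32.dll",         # OS files are not targeted
]

if __name__ == "__main__":
    hits, summary = triage(SAMPLE_LISTING)
    for encrypted, original in hits:
        print(f"{encrypted} -> {original}")
    print(summary)
```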

The Sext Ransomware's threat actor hasn't made many changes to the ransom note; it's the default for the Bondy Ransomware and includes the same English typos and grammar errors. The letter asks for six hundred USD, paid to its Bitcoin wallet, in exchange for helping the victim with data recovery. Its wallet currently shows no transactions equivalent to such payments, only some 'small change' activity that's possibly unrelated to the Sext Ransomware's campaign.

Taking a Threatening Sexual Activity Out of Web-Browsing

The Sext Ransomware's campaign might not necessarily use the 'sext-texting' theme as part of its distribution tactics or phishing lures. Current samples use either random names or the old 'Host Process for Windows' fakery that's part of previous versions of the Bondy Ransomware family. For users concerned about erotica-themed drive-by downloads, malware experts recommend turning off Flash and JavaScript, scanning downloads with proper security software, and avoiding obfuscated links to unknown websites.

Only Windows users might be at risk from the Sext Ransomware, but it targets most files of any value that aren't part of the operating system. Users should keep backups in at least one other, secure place for recovery in the event of infection. Once the attack occurs, file-locker Trojans usually leave few to no free options for decrypting or unlocking files.

Still, most PC security products should recognize and block this threat on heuristic grounds. Users with traditional anti-malware services can block and remove the Sext Ransomware on sight and not need to concern themselves with recovering files that the Trojan never got a chance to lock.

The Sext Ransomware's name could very well be the breadcrumb trail leading back to an infection vector or drive-by-download attack. On the other hand, it might be nothing more than one criminal's sense of humor, in conjunction with a Trojan's not-very-funny joke.
