Sext Ransomware

Posted: November 12, 2020

Sext Ransomware Description

The Sext Ransomware is a file-locking Trojan and a variant from the Bondy Ransomware family. All previous features remain in evidence in this update, including blocking files with encryption and holding them hostage for ransoms. Users should back their work up to secure storage devices to prevent this extortion and let their preferred anti-malware and security services identify and remove the Sext Ransomware.

A Little License for Innuendo in Another Trojan Update

One more member of the Bondy Ransomware family arrives to keep the Connect Ransomware company, albeit with a possibly-more-meaningful name attached to it. The Sext Ransomware, bearing the slang that usually refers to erotic text messaging activities, is an otherwise-typical variant of the Bondy Ransomware group. While it still is threatening, it uses copy-pasted content for its warnings and attacks, with a bare minimum of updates to specifics like the ransom wallet and e-mails.

Featurewise, the Sext Ransomware is a concern for Windows users thanks to its encryption routine, which blocks media files like spreadsheets, images, archives, music or documents. Besides blocking files in this stereotypical manner, the Sext Ransomware also bypasses the UAC security feature and deletes the Restore Point or the Shadow Copy backups. As an element unique to its campaign, the .NET Framework Trojan adds a 'sext' extension onto files' names but doesn't remove any previous extensions (for example, 'picture.bmp' becomes 'picture.bmp.sext').
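Because the Trojan appends 'sext' without removing the previous extension, responders can recover each locked file's original name and type directly from its file name. The following is an added example, not code from the original article: it inventories marked files under a directory for matching against backups, and it assumes the files' modification times were left as written during encryption, so the earliest and latest values bound the attack window. The function names and the sample tree are constructed for illustration.

```python
import os
import sys
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = ".sext"  # extension the page says is appended to locked files


def original_name(locked_name, marker=MARKER):
    """Return the pre-encryption name, or None when the name is not marked."""
    if len(locked_name) <= len(marker) or not locked_name.lower().endswith(marker):
        return None
    return locked_name[: -len(marker)]


def inventory(root, marker=MARKER):
    """Walk root and describe every file that carries the appended marker."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name, marker)
            if orig is not None:
                path = os.path.join(dirpath, name)
                records.append({
                    "locked": path,
                    "original": os.path.join(dirpath, orig),
                    "type": os.path.splitext(orig)[1].lower() or "(none)",
                    "mtime": os.path.getmtime(path),
                })
    return records


def summarize(records):
    """Count locked files per original type and bound the encryption window."""
    def utc(ts):
        return datetime.fromtimestamp(ts, timezone.utc).isoformat()
    times = [r["mtime"] for r in records]
    return {
        "total": len(records),
        "by_type": dict(Counter(r["type"] for r in records)),
        "first": utc(min(times)) if times else None,
        "last": utc(max(times)) if times else None,
    }


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:  # constructed sample tree
        for n in ("picture.bmp.sext", "budget.xlsx.sext", "notes.txt"):
            open(os.path.join(demo, n), "w").close()
        print(summarize(inventory(sys.argv[1] if len(sys.argv) > 1 else demo)))
```

Run it against a mounted copy of the affected volume rather than the live system, and compare the "original" paths with the backup catalogue to decide what needs restoring.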

The Sext Ransomware's threat actor hasn't made many changes to the ransom note; it's the default for Bondy Ransomware and includes the same old typos and grammar errors in its English. The letter asks for six hundred USD, paid to its Bitcoin wallet, for helping the victim with data recovery. Its wallet currently has no transactions equivalent to such payments but displays some 'small change' activity, possibly unrelated to the Sext Ransomware's campaign.

Taking a Threatening Sexual Activity Out of Web-Browsing

The Sext Ransomware's campaign might not necessarily use the 'sext-texting' theme as part of its distribution tactics or phishing lures. Current samples use either random names or the old 'Host Process for Windows' fakery used by previous versions in the Bondy Ransomware family. For users concerned about erotica-themed drive-by-downloads, malware experts recommend turning off Flash and JavaScript, scanning downloads with proper security software, and avoiding obfuscated links to unknown websites.

Only Windows users might be at risk from the Sext Ransomware, but it targets most files of any value that aren't part of the operating system. Users should have backups in at least one other, secure place for recovery in the event of infection. Once the attack occurs, victims of file-locker Trojans usually have few to no free options for decrypting or unlocking files.

Still, most PC security products should recognize and block this threat on heuristic grounds. Users with traditional anti-malware services can block and remove the Sext Ransomware on sight and need not concern themselves with recovering files that the Trojan never got a chance to lock.

The Sext Ransomware's name could very well be the breadcrumb trail leading back to an infection vector or drive-by-download attack. On the other hand, it might be nothing more than one criminal's sense of humor, in conjunction with a Trojan's not-very-funny joke.
