Sext Ransomware Description
The Sext Ransomware is a file-locking Trojan that's a variant of the Bondy Ransomware's family. All previous features remain in evidence in this update, including blocking files with encryption and holding them as hostages for ransoms. Users should back their work up to secure storage devices for preventing this extortion and let their preferred anti-malware and security services identify and remove the Sext Ransomware.
A Little License for Innuendo in Another Trojan Update
One more member of the Bondy Ransomware family arrives to keep the Connect Ransomware company, albeit with a possibly-more-meaningful name attached to it. The Sext Ransomware, bearing the slang that usually refers to erotic text messaging activities, is an otherwise-typical variant of the Bondy Ransomware group. While it still is threatening, it uses copy-pasted content for its warnings and attacks, with a bare minimum of updates to specifics like the ransom wallet and e-mails.
Featurewise, the Sext Ransomware is a concern for Windows users thanks to its encryption routine, which blocks media files like spreadsheets, images, archives, music or documents. Besides blocking files in this stereotypical manner, the Sext Ransomware also bypasses the UAC security feature and deletes the Restore Point or the Shadow Copy backups. As an element unique to its campaign, the .NET Framework Trojan adds a 'sext' extension onto files' names but doesn't remove any previous extensions (for example, 'picture.bmp' becomes 'picture.bmp.sext').
The Sext Ransomware's threat actor hasn't made many changes to the ransom note; it's the default for Bondy Ransomware and includes the old English typos and grammar errors. The letter asks for six hundred USD for its Bitcoin wallet for helping the victim with data recovery. Its wallet currently has no transactions equivalent to such payments but displays some 'small change' activity, possibly unrelated to the Sext Ransomware's campaign.
Taking a Threatening Sexual Activity Out of Web-Browsing
Only Windows users might be at risk from the Sext Ransomware, but it targets most files of any value that aren't part of the operating system. Users should have backups in at least one other, secure place for recovery in the event of infection. Once the attack occurs, file-locker Trojans usually have few to no free opportunities for decrypting or unlocking files.
Still, most PC security products should recognize and block this threat on heuristic grounds. Users with traditional anti-malware services can block and remove the Sext Ransomware on sight and not need to concern themselves with recovering files that the Trojan never got a chance to lock.
The Sext Ransomware's name could very well be the breadcrumb trail leading back to an infection vector or drive-by-download attack. On the other hand, it might be nothing more than one criminal's sense of humor, in conjunction with a Trojan's not-very-funny joke.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Sext Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.