Ransomware is one of the most dangerous types of malware that can infect our computers. If a sample manages to get past the antivirus, all the files on our computer will be encrypted, or worse, end up in the hands of a hacker. Most ransomware demands payment in cryptocurrency, with ransoms that usually range between 100 and 1,000 dollars. However, some attackers ask for more “social” things.
Specifically, MalwareHunterTeam has discovered a new ransomware called Black Eye, created by “GHOST CYBER TEAM”. When it enters a computer, it encrypts all files and leaves a text file on the desktop with instructions on how to recover the information. Such a text file usually contains a BTC address to send the money to, as well as an email address to send proof of payment.
Comment and subscribe: what a new malware asks for
These email accounts are usually blocked by the providers that operate them, which is one reason paying a ransom is not the right option: once the account is blocked, there is no way to send the attacker proof that we are the ones who paid. And even if the email works, it is up to the attacker whether to hand over the key to decrypt the files.
In this case, the attacker does not ask for money. Instead, the attacker asks you to subscribe to their YouTube channel and comment on most of the videos. If you perform all those interactions, the attacker promises to give you the key to decrypt the files.
7a07d98671d122664a88e7ce302fb9388eedb880708ba28ab3406a24dba0b3e4
“HELLO ALL YOUR FILES HAVE BEEN LOCKED BY RANOMWARE BUT CALSE YOU CAN ACCESS BACK WITH SUBSCRIBE
MY CHANEL YOUTUBE ,AND COMMENT MOST VIDEOS THEN I WILL GIVE YOU THE KEY TO ACCESS YOUR FILES BACK!
😂 @demonslay335 pic.twitter.com/T3X9HyyiXI— MalwareHunterTeam (@malwrhunterteam) February 2, 2022
The problem in this case is that there is no contact channel through which to prove that you are the one who commented on the videos and subscribed. On the channel we can see many videos in Indonesian, the language of the attacker’s country of origin, as can also be seen in the text file. That file shows that you don’t need to know English to be a good hacker, and the attacker even tries to be a good person by encouraging the victim with a “Don’t sad”.
Ransomware is already detected by antivirus
The channel, curiously, has not been closed by YouTube. Under the name Error 404, it has short videos of hacking tests and malware infections such as ransomware, including some running on Windows 7. This is one of the reasons why you should not use this version of Windows anymore, since it has numerous unpatched vulnerabilities that hackers can exploit to sneak malware onto our computers.
Attacker’s YouTube channel
The malware, although it seems like a joke, is completely real. This attack only infects one device, so it does not spread to other devices connected to the same local network. So far the attackers do not seem to have been very successful, since the channel has only 65 subscribers and its videos have no comments.
Furthermore, the ransomware is already detected by dozens of antivirus products, as we can see in this VirusTotal link. Luckily, the attacker asks for pretty innocuous things. In the past, we have seen ransomware attacks ask for much more sensitive material, including asking for nude photos in exchange for the encryption key.