Ransomware has become an endemic problem on the internet. There’s no day that goes by without headlines about a new attack where hackers are asking for hundreds of thousands of dollars, or even millions, after locking victims out of their computers and servers.
But a new type of ransomware is asking for something a bit different: subscriptions to a YouTube channel.
The ransomware was first spotted by MalwareHunterTeam, a group of independent cybersecurity researchers.
“HELLO ALL YOUR FILES HAVE BEEN LOCKED BY RANOMWARE [sic] BUT CALSE [sic] YOU CAN ACCESS BAK WITH SUBSCRIBE MY CHANEL [sic] YOUTUBE,” read the message, which shows up on victims’ screens.
Allan Liska, a cybersecurity researcher at Recorded Future who specializes in tracking ransomware, told Motherboard in an online chat that the malware is real. He said he hasn’t analyzed it but has seen an independent analysis from another researcher in a private industry forum. Liska said that the ransomware “is a single machine ransomware, so it only hits one computer and doesn’t spread.”
For now, the hackers don’t seem to have been very successful. The YouTube channel they ask victims to subscribe to has only 64 subscriptions at the time of writing. The channel features mostly hacking-related videos featuring logos of little-known hacking groups, and a couple of videos taken in what appears to be a school.
In the message, the hackers call themselves the GHOST CYBER TEAM and claim to be from Indonesia.
Do you have more information about a ransomware gang or another type of ransomware? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wire/Wickr @lorenzofb, or email [email protected].
It’s unclear if this ransomware is just a prank, or the work of some teenage hacker looking for attention. For what it’s worth, the ransomware sample found by MalwareHunterTeam is detected as malicious by several antivirus engines, according to VirusTotal, a malware repository.
This wouldn’t be the first time someone made ransomware that doesn’t ask for cryptocurrency. In 2017, someone made ransomware that asked for nudes.
“Your computer has been locked,” the message displayed to victims read. “After we reply, you must send at least 10 nude pictures of you. After that we will have to verify that the nudes belong to you.”