Ransomware is no laughing matter; just ask the thousands of victims that have had their personal or business files locked away. Yet every once in awhile, there are definitely moments in the lab when we can’t help but smile, scratch our heads and wonder “what on earth were the hackers thinking?”.
We want to share some of those moments with you. Here are 10 of the weirdest, strangest and most ridiculous ransomware samples we’ve encountered over the last few years.
1. Popcorn Time
After infecting your machine and encrypting your files, Popcorn Time generously offers to decrypt your files on one condition: you infect two other people and they pay the ransom. This provides a pretty strong incentive for victims to voluntarily turn into cybercriminals themselves in a desperate attempt to regain access to their files. To complicate matters even further, Popcorn Time starts randomly deleting files if you enter the incorrect decryption key four times.
2. Hitler Ransomware
However, despite what the ransomware insists, no encryption actually takes place. Instead, the ransomware simply removes the extensions of a number of files and then displays the ransom note lock screen, which features a 60 minute countdown timer. When the timer reaches zero, the ransomware crashes the computer and, upon reboot, deletes all the files on the victim’s user profile.
3. Nudes Ransomware
Some hackers are out to make money. Some want the infamy. Others simply want to see you naked.
While this might sound fairly menacing, in all probability nRansom is little more than a gag application intended to be sent to ‘friends’. The locker is incredibly basic, full of bugs and easy to remove.
If you somehow manage to get infected with nRansom, simply:
- Enter the unlock code 12345.
- Click the unlock button.
- Realize the unlock button isn’t actually functional.
- Press Ctrl + Alt + Del to open the Task Manager.
- Select nRansom.
- Click End task.
Done. No nudity required.
After months of being repeatedly thwarted by Emsisoft CTO Fabian Wosar, the criminals behind Apocalypse ransomware decided to pay their adversary the highest level of respect: they renamed their ransomware after him.
Over the course of a few months, Fabian and his team released a number of free decrypter tools to help victims of the poorly coded Apocalypse ransomware.
In frustration, the criminals attempted a smear campaign, rebranding their ransomware to Fabiansomware, delivering ransom notes in his name and using the email address firstname.lastname@example.org to request payments.
Check out our previous blog post to read about the saga in full.
As you might have guessed, RensenWare turned out to be a joke and was never intended for distribution. The author quickly released a tool that causes the game to believe the user achieved the points necessary for decryption. While there’s no real malice behind RensenWare (although its encryption really does work), it does highlight the potential for creative malware.
6. Educational Ransomware
After encrypting your files, the ransomware scolds you for downloading dodgy applications and informs you that the only way to retrieve your data is to read two online articles: one from the Google Security Blog; the other from BleepingComputer.
Peruse the content before the countdown reaches zero, and Koolova will give you the decryption key to get you files back. Fail to read the articles, and Koolova deletes the encrypted files. Tough love, indeed.
Our tip: just subscribe to the Emsisoft newsletter and get all the internet security lessons you need ;)
7. Trump Locker ransomware
After successfully encrypting your files, the ransomware briefly displays an image of Donald Trump’s face, along with the message “YOU ARE HACKED!” before presenting the ransom window with payment information.
8. Merry Christmas
Unfortunately, holiday-themed malware is often very effective and 2016’s Merry Christmas ransomware was no exception. Distributed via emails that appear to be from the Federal Trade Commission, the ransomware installer comes disguised as an innocuous PDF file.
When executed, it encrypts your files and displays a festive ransom note that includes payment details, a countdown showing time remaining until your files are deleted and cheery MERRY CHRISTMAS text.
Things got even stranger when, in a weird twist, it was later revealed that the ransomware had actually been developed by a group of people who had made VindowsLocker to get revenge on tech support scammers.
10. Pop Culture Ransomware
Finally, there’s a healthy cross section of ransomware that pays tribute to various pop culture icons.
- Jigsaw: Inspired by the Saw movie antagonist of the same name, Jigsaw Ransomware deletes files from your computer every hour until you pay the ransom.
- Nagini: Named after Voldemort’s pet snake, Nagini bucks the bitcoin payment method trend and instead asks for credit card information.
- Kirk: Following a long line of Star Trek-themed malware, Kirk is one of the first ransomware samples to demand ransoms in the Monero cryptocurrency.
While it’s fun to look back at some of the odd ransomware we’ve encountered, it’s important to keep in mind that being infected with ransomware is rarely amusing for the victim, so keeping your computer safe before ransomware can infect your files is paramount.
What’s the weirdest, funniest or most random malware that you’ve come across? Let us know in the comment section below!
Have a brilliant (ransomware-free) day!