Date: 2022-02-04

In this case, the attacker does not ask for money. Instead, the attacker asks you to subscribe to their YouTube channel and comment on most of its videos. If you perform all those interactions, they will give you the key to decrypt the files.

Normally, these email addresses are blocked by the companies that operate them, which is why paying a ransomware ransom is not the right option: if we cannot prove that we are the ones who paid, because there is no way to send proof of payment to the hacker, the payment achieves nothing. And even if the email works, it is up to the attacker whether to hand over the key to decrypt the files.

Specifically, MalwareHunterTeam has discovered a new ransomware attack called black eye, created by “GHOST CYBER TEAM”. When it gets onto a computer, it encrypts all files and leaves a text file on the desktop with instructions for recovering the information. In that text file there is usually a BTC address to send the money to, as well as an email address to send proof of payment.

“HELLO ALL YOUR FILES HAVE BEEN LOCKED BY RANOMWARE BUT CALSE YOU CAN ACCESS BACK WITH SUBSCRIBE

MY CHANEL YOUTUBE ,AND COMMENT MOST VIDEOS THEN I WILL GIVE YOU THE KEY TO ACCESS YOUR FILES BACK!

The problem in this case is that there is no way to contact the attacker to prove that you are the one who has commented on the videos and subscribed. On the channel we can see many videos in Indonesian, which points to the attacker's country of origin, as can also be seen in the text file. That file shows that you don’t need to know English to be a good hacker, and the attacker even tries to be a good person by encouraging the victim with a “Don’t sad”.

Ransomware is already detected by antivirus

The channel, curiously, has not been closed by YouTube. Under the name Error 404, it has short videos of hacking and of infection tests with malware such as ransomware, including some running on Windows 7. This is one of the reasons why you should no longer use this version of Windows, as it has numerous unpatched vulnerabilities that hackers can exploit to sneak malware onto your machine.

The malware, although it seems like a joke, is completely real. This attack only infects one device, so it does not spread to other devices connected to the same local network. At the moment the attackers do not seem to have been very successful, since they only have 65 subscribers, and the videos on the channel do not have comments.

Furthermore, the ransomware is already detected by dozens of antivirus products, as we can see in this VirusTotal link. Luckily, the attacker asks for pretty innocuous things. In the past, we have seen ransomware attacks ask for much more sensitive material, including nude photos in exchange for the encryption key.