Recently a new variant of SMS ransomaware family that spread and promote pornographic sites, is In-the-Wild presenting a superficial makeover.
Several weeks ago a campaign is active through which spreads a variant of this type of ransomware, which displays a black window covering the entire desktop. This time, the window does not cover the entire desktop but is located in the center of it, but disables any possibility to access any of the applications of the system.
As in previous campaigns for the release request to send an SMS message such as a certain number requesting the sum of, according to the variants detected so far, 350, 400 and 410 rubles (Russian money).
SMS Ransomaware asking for 350 rubles
SMS Ransomaware asking for 400 rubles
For cases where the requested ransomware 410 rubles for a key to unlock the system can use any of the following keys to unlock provided by SiR! from his blog (thanks SiR!):
Number to Call: 89654028516
Number to Call: 89654028759
Number to Call: 89654028794
Code to unlock Windows: 403947563!
Number to Call: 89654028519
Code to unlock Windows: $334327890$
Number to Call: 89654028477
Number to Call: 89654028491
Number to Call: 89654028518
Code to unlock Windows: $009264834$
Campaign to disseminate russian ransomware
New Russian SMS ransomware In-the-Wild
SMS Ransomware porn template update
New variant of ransomware through porn sites IV
New variant of ransomware through porn sites III
New variant of ransomware through porn sites II
New variant of ransomware through porn sites
Another very active SMS Ransomware
SMS Ransomware for Windows In-the-Wild
Founder & Director of MalwareIntelligence
Crimeware & Intelligence Analyst Researcher