The 10 most ridiculous ransomware we’ve ever seen

Ransomware is no laughing matter; just ask the thousands of victims that have had their personal or business files locked away. Yet every once in awhile, there are definitely moments in the lab when we can’t help but smile, scratch our heads and wonder “what on earth were the hackers thinking?”.

We want to share some of those moments with you. Here are 10 of the weirdest, strangest and most ridiculous ransomware samples we’ve encountered over the last few years.

1. Popcorn Time

Popcorn Time (unrelated to the streaming application) looks like something the Joker might have concocted if he were a little more tech savvy. Divisive and dastardly, Popcorn time is one of few strains of ransomware that actively turns regular users against each other.

After infecting your machine and encrypting your files, Popcorn Time generously offers to decrypt your files on one condition: you infect two other people and they pay the ransom. This provides a pretty strong incentive for victims to voluntarily turn into cybercriminals themselves in a desperate attempt to regain access to their files. To complicate matters even further, Popcorn Time starts randomly deleting files if you enter the incorrect decryption key four times.

2. Hitler Ransomware

The bizarrely named Hitler ransomware surfaced in August 2016. After successfully infecting a machine, the ransomware displays a lock screen featuring Hitler himself and announces that your files have been encrypted and can only be retrieved if you fork over a very specific ransom – a €25 Vodafone cash code.

However, despite what the ransomware insists, no encryption actually takes place. Instead, the ransomware simply removes the extensions of a number of files and then displays the ransom note lock screen, which features a 60 minute countdown timer. When the timer reaches zero, the ransomware crashes the computer and, upon reboot, deletes all the files on the victim’s user profile.

3. Nudes Ransomware

Some hackers are out to make money. Some want the infamy. Others simply want to see you naked.

September 2017 saw the arrival of nRansom, a hilarious piece of ransomware featuring images of Thomas the Tank Engine and the Curb Your Enthusiasm soundtrack. nRansom locks your computer and proclaims it will only unlock the device if you send 10 nude pictures of yourself to a certain email address, after which the criminals will sell your nudes on the deep web.

While this might sound fairly menacing, in all probability nRansom is little more than a gag application intended to be sent to ‘friends’. The locker is incredibly basic, full of bugs and easy to remove.

If you somehow manage to get infected with nRansom, simply:

1. Enter the unlock code 12345.
2. Click the unlock button.
3. Realize the unlock button isn’t actually functional.
4. Press Ctrl + Alt + Del to open the Task Manager.
5. Select nRansom.
6. Click End task.

Done. No nudity required.

4. Fabiansomware

After months of being repeatedly thwarted by Emsisoft CTO Fabian Wosar, the criminals behind Apocalypse ransomware decided to pay their adversary the highest level of respect: they renamed their ransomware after him.

Over the course of a few months, Fabian and his team released a number of free decrypter tools to help victims of the poorly coded Apocalypse ransomware.

In frustration, the criminals attempted a smear campaign, rebranding their ransomware to Fabiansomware, delivering ransom notes in his name and using the email address fabiansomware@mail.ru to request payments.

Check out our previous blog post to read about the saga in full.

5. RensenWare

ResenWare puts your gaming abilities to the test. After encrypting your computer, the ransomware threatens that your files will be lost forever unless you manage to score more than 200 million points in the LUNATIC level of shooting game TH12 – Undefined Fantastic Object.

As you might have guessed, RensenWare turned out to be a joke and was never intended for distribution. The author quickly released a tool that causes the game to believe the user achieved the points necessary for decryption. While there’s no real malice behind RensenWare (although its encryption really does work), it does highlight the potential for creative malware.

6. Educational Ransomware

There’s a very strange, niche breed of ransomware that attempts to – quite literally – teach its victims a lesson about internet security. Koolova is one such example.

After encrypting your files, the ransomware scolds you for downloading dodgy applications and informs you that the only way to retrieve your data is to read two online articles: one from the Google Security Blog; the other from BleepingComputer.

Peruse the content before the countdown reaches zero, and Koolova will give you the decryption key to get you files back. Fail to read the articles, and Koolova deletes the encrypted files. Tough love, indeed.

Our tip: just subscribe to the Emsisoft newsletter and get all the internet security lessons you need ;)

7. Trump Locker ransomware

Right as the 2016 US election was approaching fever pitch, we caught wind of the Donald Trump ransomware, a locker closely related to the VenusLocker ransomware family.

After successfully encrypting your files, the ransomware briefly displays an image of Donald Trump’s face, along with the message “YOU ARE HACKED!” before presenting the ransom window with payment information.

Sad!

8. Merry Christmas

Unfortunately, holiday-themed malware is often very effective and 2016’s Merry Christmas ransomware was no exception. Distributed via emails that appear to be from the Federal Trade Commission, the ransomware installer comes disguised as an innocuous PDF file.

When executed, it encrypts your files and displays a festive ransom note that includes payment details, a countdown showing time remaining until your files are deleted and cheery MERRY CHRISTMAS text.

9. VindowsLocker

Toward the end of 2016 VindowsLocker emerged, a piece of ransomware that, instead of communicating via shadowy parts of the deep web, directs victims to contact a call center. It was a bizarre case of ransomware posing as tech support, the polar opposite of the usual scam in which tech support fraudsters use scare tactics to convince victims to pay a fee to bypass a lock screen.

Things got even stranger when, in a weird twist, it was later revealed that the ransomware had actually been developed by a group of people who had made VindowsLocker to get revenge on tech support scammers.

10. Pop Culture Ransomware

Finally, there’s a healthy cross section of ransomware that pays tribute to various pop culture icons.

• Jigsaw: Inspired by the Saw movie antagonist of the same name, Jigsaw Ransomware deletes files from your computer every hour until you pay the ransom.
• Nagini: Named after Voldemort’s pet snake, Nagini bucks the bitcoin payment method trend and instead asks for credit card information.
• Kirk: Following a long line of Star Trek-themed malware, Kirk is one of the first ransomware samples to demand ransoms in the Monero cryptocurrency.

While it’s fun to look back at some of the odd ransomware we’ve encountered, it’s important to keep in mind that being infected with ransomware is rarely amusing for the victim, so keeping your computer safe before ransomware can infect your files is paramount.

What’s the weirdest, funniest or most random malware that you’ve come across? Let us know in the comment section below!

Have a brilliant (ransomware-free) day!