Slime Ransomware Demands Payment In TNG

While examining new malicious files, our researchers came across the Slime ransomware. This malware is derived from Chaos and is crafted to encrypt files, demanding ransom payments for their decryption.

On our test system, the ransomware encrypted files and added a ".slime" extension to their filenames. For instance, a file originally named "1.jpg" transformed into "1.jpg.slime," and "2.png" became "2.png.slime." Following the completion of the encryption process, a ransom message named "read_it.txt" was generated.

The ransom note tells the victim all their data is encrypted and demands ransom to secure the decryption tool. The text file contains contact details for the cybercriminals and instructions for making the payment.

The ransom amount specified is RM10, payable via Touch 'n Go, a payment platform commonly used in Malaysia. However, considering the prevailing exchange rate at the time of writing, this amount seems unusually small. This raises suspicions and suggests that Slime might have been released for testing purposes rather than purely for financial gain. It's important to note that the ransom amount could vary in potential future releases of this ransomware.

Slime Ransom Note Expects 10 Malaysian Ringgit as Payment

The complete text of the ransom note generated by the Slime ransomware reads as follows:

Slime is multi language ransomware. Translate your note to any language <----
All of your files have been encrypted
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help.What can I do to get my files back?You can buy our special
decryption software, this software will allow you to recover all of your data and remove the
ransomware from your computer.The price for the software is RM10. Payment can be made in TNG only.
How do I pay, where do I get TNG?
Purchasing TNG varies from country to country, you are best advised to do a quick google search
yourself to find out how to pay in touchngo.
Many of our customers have reported these sites to be fast and reliable:
TNG - hxxps://www.touchngo.com.my/

Payment informationAmount: RM 10
Email Address: zenhao007@gmail.com

We will send you a qr code and you pay and we will send you a Decrypter software.

How Can Ransomware Like Slime Infect Your Computer?

Ransomware, including threats like Slime, can infect your computer through various methods. Here are common ways in which ransomware gains access to systems:

Phishing Emails: One prevalent method involves cybercriminals sending deceptive emails that appear legitimate. These emails may contain malicious attachments or links. Clicking on these links or opening infected attachments can trigger the download and execution of ransomware.

Malicious Websites: Visiting compromised or malicious websites can expose your computer to drive-by downloads. In such cases, malware, including ransomware, is automatically downloaded and executed without your knowledge or consent.

Exploit Kits: Cybercriminals often use exploit kits to target vulnerabilities in software or browsers. When a user visits a compromised website, the exploit kit scans for vulnerabilities and delivers the ransomware payload if any vulnerabilities are found.

Malvertising: Malicious advertising, or malvertising, involves placing infected advertisements on legitimate websites. Clicking on these ads can lead to the download and execution of ransomware on your computer.

Unpatched Software: Ransomware can exploit vulnerabilities in outdated or unpatched software. It's crucial to keep your operating system, antivirus software, and all applications up to date to minimize the risk of exploitation.