A new ransomware called CommonRansom was discovered that has a very bizarre request. In order to decrypt a computer after a payment is made, they require the victim to open up Remote Desktop Services on the affected computer and send them admin credentials in order to decrypt the victim’s files.
CommonRansom was discovered by Michael Gillespie after a victim uploaded a ransom note and an encrypted file to his ID Ransomware service.
When encrypting a victim’s computer, it will append the .[firstname.lastname@example.org].CommonRansom extension to encrypted files. It will also create a ransom note named DECRYPTING.txt, which is displayed below.