A new ransomware called CommonRansom was discovered that has a very bizarre request. In order to decrypt a computer after a payment is made, they require the victim to open up Remote Desktop Services on the affected computer and send them admin credentials in order to decrypt the victim’s files.
When encrypting a victim’s computer, it will append the .[firstname.lastname@example.org].CommonRansom extension to encrypted files. It will also create a ransom note named DECRYPTING.txt, which is displayed below.