Thomas, no! A new piece of purported ransomware features a foul-mouthed Thomas the Tank Engine demanding that you send him nude photos — and questioning your mother's sexual orientation.
Since there's nothing we can possibly say to improve on that, we’ll add that the ransomware may be just a joke aimed to cause confusion and delay. There’s not really anything to worry about, unless you have treasured childhood memories of the affable and hard-working cartoon locomotive on the island of Sodor — in which case you may want to stop reading now.
MalwareHunterTeam, a ransomware-tracking site run by security researcher Michael Gillespie, posted about the unusual malware on Twitter page.
“Not sure about this…” Gillespie tweeted, and the accompanying image made it easy to see why.
The supposed malware calls itself “nRansom” and locks up your computer screen. An image of a friendly Thomas the Tank Engine shouting “F**K YOU!!!” belies the ugly content of the message, which instructs users to make a burner email address, then send an email to “firstname.lastname@example.org” (since suspended by Proton Mail). All the while, an MP3 file called “your-mom-gay” plays, which is actually the theme music from HBO's Curb Your Enthusiasm.
Then things get weird.
Rather than money, the ransomware distributors want “at least 10 nude pictures of you,” which they intend to sell “on the deep web.” How they intend to compete with the entire rest of the internet, which offers professional-grade nude photos for free practically everywhere, is anyone’s guess. (We're looking forward to salacious snaps of Sir Topham Hatt.)
Now, the good news is that the ransomware campaign is probably bogus, for reasons aside from the obvious ones. Motherboard attempted to infect a machine with the Thomas the Tank Engine malware, but that train couldn't leave the station.
The purported malware used — which is real, despite Motherboard's failed start — doesn’t encrypt files, but instead locks up the screen, which is fairly retro as ransomware goes. Even if the Thomas ransomware does turn out to be real, it will be bypassed if you reboot in Safe Mode.
Furthermore, locking the screen would prevent users from sending any photos, nude or otherwise, which leads us to think that the would-be criminals behind this might not be the most Really Useful Engines in the railyard.
Still, if you’re minding your own business online when a beloved children’s toy starts spouting profanities at you, you should probably restart your computer in Safe Mode and run a virus scan. There’s no reason why Thomas the Tank Engine should be able to see your caboose.