
BandarChor Ransomware

Posted: September 8, 2015

Threat Metric

Threat Level: 10/10
Infected PCs: 87
First Seen: September 8, 2015
Last Seen: July 8, 2021
OS(es) Affected: Windows

The BandarChor Ransomware is a file encryption Trojan that locks your files to force you to pay for their renewed use. Although the BandarChor Ransomware family's identification dates from mid-2014, its campaigns continue to see activity in the current year, with infection vectors using multiple strategies to target various victims. Malware researchers, as always, recommend a two-pronged approach: anti-malware products for deleting the BandarChor Ransomware, and reliable file backups for avoiding any collateral damage from its payload.

The Kind of File Encoding You Want to Avoid

Following along the lines of threats like the CryptPKO Ransomware or the Tox Ransomware, the BandarChor Ransomware is another file encryptor that selects its targets according to their file formats. Unlike the CryptPKO Ransomware, the BandarChor Ransomware doesn't pretend to be a tool of a law enforcement branch or an otherwise legitimate program. Instead, this file encryptor scans for files of specific types, encrypts them, and then demands a ransom to be paid directly to its admins, with no other pretenses behind the tactic.

The BandarChor Ransomware places both its executable file and its (image-based) ransom demand in the Windows startup folder, thereby guaranteeing that both load automatically. The victim's files are targeted for encryption according to their formats, with files such as JPGs and DOCs being especially at risk. A successful encryption will make the file unreadable until it can be decrypted, although malware researchers found the BandarChor Ransomware displaying an inconsistent rate of encryption in some infections. The affected files also are renamed, providing the victim with a visual indicator of the attack, as well as an e-mail address for ransom payment-related communications.
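As a defender-side illustration of the behaviour described above (added here, not code from the original article or from any vendor tool), the following Python triage runs over a file listing and flags two things: a bare executable sitting next to an image in a Startup folder, and files whose original JPG/DOC name has had a marker containing an e-mail address appended. The function names, extension sets, sample paths and the `example.invalid` address are assumptions constructed for the example; the article does not give the exact rename format, so none is assumed.

```python
import re
from pathlib import PureWindowsPath

# Tail of the per-user and all-users Startup folder paths on Windows.
STARTUP_TAIL = ("start menu", "programs", "startup")
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".bmp", ".gif"}
# The article names JPGs and DOCs as at risk; the variants are an assumption.
# A target extension followed by text containing an e-mail address = renamed.
RENAMED_RE = re.compile(
    r"^(?P<orig>.+?\.(?:jpg|jpeg|doc|docx))(?P<tail>[._ -].*[^@\s]@[^@\s]+\.[^@\s]+)$",
    re.IGNORECASE)


def in_startup(path):
    """True if the file sits directly in a Windows Startup folder."""
    parents = tuple(part.lower() for part in path.parent.parts)
    return parents[-3:] == STARTUP_TAIL


def triage(paths):
    """Sort a file listing into the indicators the article describes."""
    found = {"startup_exe": [], "startup_image": [], "renamed": {}}
    for raw in paths:
        p = PureWindowsPath(raw)
        ext = p.suffix.lower()
        # Startup normally holds shortcuts (.lnk); a bare executable is unusual.
        if in_startup(p) and ext in EXECUTABLE_EXTS:
            found["startup_exe"].append(p.name)
        elif in_startup(p) and ext in IMAGE_EXTS:
            found["startup_image"].append(p.name)
        m = RENAMED_RE.match(p.name)
        if m:  # group recovered original names by the appended marker
            found["renamed"].setdefault(m["tail"].lower(), []).append(m["orig"])
    # Executable plus image in Startup matches the described persistence.
    found["persistence_pair"] = bool(found["startup_exe"] and found["startup_image"])
    return found


# Constructed listing, not real indicators; example.invalid is a placeholder.
STARTUP = r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE = [
    STARTUP + r"\updater.exe",
    STARTUP + r"\readme.jpg",
    STARTUP + r"\OneNote.lnk",
    r"C:\Users\alice\Pictures\holiday.jpg.help@example.invalid",
    r"C:\Users\alice\Documents\report.doc.help@example.invalid",
    r"C:\Users\alice\Documents\notes.doc",
]
print(triage(SAMPLE))
```

Grouping by the appended marker shows at a glance how many files share one contact address and what their original names were, which helps when matching them against backups.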

Ransoming Your Files Away at No Charge

PC users inexperienced with file encryptors might assume that paying any ransom demanded by BandarChor Ransomware's perpetrators is the only way to salvage their lost files. However, the people responsible for similar file encryption campaigns have no pressing reasons to honor any 'obligations' of business transactions by restoring the encrypted files to normal after they receive payment. Although the BandarChor Ransomware may target file backups for additional encryption, remote backups on cloud servers or unattached storage drives should be unaffected. Thus, these common storage solutions remain the easiest way of recovering your files once you've deleted the BandarChor Ransomware.

The BandarChor Ransomware doesn't distribute itself and may install itself along with other threats. As a result, using anti-malware tools to scan the infected PC is the preferred method of uninstalling a BandarChor Ransomware infection. Malware researchers have verified two main means of the BandarChor Ransomware's distribution: e-mail file attachments and exploit kits. For the former, using safe e-mail practices may suffice, but blocking exploit kits, which may load undetectably, should always be left to your Web-browsing security features and software. Updating your software can also lower the range of attack possibilities from these Web-based threats, which scan for exploits in common products like Flash or Java.
