B2DR Ransomware
Posted: March 28, 2018
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 93 |
| First Seen: | March 5, 2025 |
| OS(es) Affected: | Windows |
The B2DR Ransomware is a file-locking Trojan that takes your media hostage while delivering ransom notes asking for money to unlock them. The B2DR Ransomware's campaign is targeting business sector-based victims and is unrelated to notable families of similar threats, such as Hidden Tear or the Globe Ransomware. Backing up your work to secure devices and keeping anti-malware utilities for removing the B2DR Ransomware preemptively are the best responses available to most PC users.
Servers Under Assault for Ransoms
Although file-locking threats from previously analyzed families, especially RaaS ones, make up the bulk of malware experts' analyses, not every Trojan of this classification has a family tree. The lack of links between the new B2DR Ransomware and other Trojans with similar features makes it likely that its campaign is the work of threat actors who coded their software independently and launched it without the rental services of the average Ransomware-as-a-Service product.
Live attacks by the B2DR Ransomware's threat actors introduce the Trojan via unknown means, although RDP exploits, brute-force guessing of login credentials, and e-mail attachments are among the most likely infection vectors. Once it has access to the server, the B2DR Ransomware searches for media to encrypt with a secure, AES-based enciphering routine. This routine also processes files of significant size, up to several gigabytes, which implies that the list of file types it targets is custom-made for the intended business-sector victims. Like many threats, the B2DR Ransomware also adds an e-mail address (for negotiating) and a unique extension ('.B2DR') to the filenames.
The threat actors also configured the B2DR Ransomware to drop ransom notes in text format, which give the user an ID and contact details for negotiating a ransom payment for a decryptor. While malware experts don't encourage making such payments, any free 'sample' decryption that the threat actors offer may be useful for recovering especially valuable data.
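As an added example (not from the original article and not the Trojan's own code): a small Python triage helper that walks a directory tree, flags every file carrying the '.B2DR' marker, and recovers the original filename and the embedded negotiation e-mail address so an incident responder can inventory affected data and extract the contact address as an indicator. The '<original>.<e-mail>.B2DR' layout, the sample paths and the address user@example.com are assumptions, since the article does not give the exact renaming format.

```python
import os
import re
import tempfile
from typing import NamedTuple, Optional

MARKER = ".b2dr"   # extension the article reports, matched case-insensitively
EMAIL = re.compile(r"[\w+-]+(?:\.[\w+-]+)*@[\w-]+(?:\.[\w-]+)+")


class Hit(NamedTuple):
    path: str              # where the renamed file sits
    original: str          # best-effort original filename
    email: Optional[str]   # negotiation address embedded in the name, if any


def parse_name(name: str) -> Optional[tuple]:
    """Split a renamed filename into (original, e-mail); None if unmarked."""
    if not name.lower().endswith(MARKER):
        return None
    stem = name[: -len(MARKER)]
    parts = stem.split(".")
    # Assumed layout '<original>.<e-mail>.B2DR' (the article gives no exact
    # format): take the shortest run of trailing segments that forms an
    # address, so 'q1.xlsx.user@example.com' -> ('q1.xlsx', 'user@example.com').
    for k in range(2, len(parts)):
        cand = ".".join(parts[-k:])
        if EMAIL.fullmatch(cand):
            return ".".join(parts[:-k]), cand
    return stem, None


def scan_tree(root: str) -> list:
    """Walk `root` and collect every file carrying the marker."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            parsed = parse_name(name)
            if parsed:
                hits.append(Hit(os.path.join(dirpath, name), *parsed))
    return hits


def demo() -> dict:
    """Build a constructed sample tree, scan it and summarise the findings."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "shares", "finance"))
        for rel in ("shares/finance/q1.xlsx.user@example.com.B2DR",
                    "shares/db_dump.sql.user@example.com.B2DR",
                    "shares/readme.txt"):   # untouched file, must not match
            open(os.path.join(root, rel), "w").close()
        hits = scan_tree(root)
    return {"encrypted": len(hits),
            "originals": sorted(h.original for h in hits),
            "emails": sorted({h.email for h in hits if h.email})}
```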
Keeping Your Server's Data Clear of Ransom Notes
The B2DR Ransomware includes some limited capabilities for erasing server backup data, and malware researchers recommend segregating any backups so that Trojans like it can't delete the best way of restoring your files. To prevent infections, administrators should remain mindful that insecure login combinations, such as extremely short or simple passwords, are very vulnerable to brute-force software that can give attackers internal server access. E-mailed spam is also a highly trafficked infection vector, most often using custom-crafted documents with embedded exploits to install threats like the B2DR Ransomware.
Although the B2DR Ransomware's authors offer limited samples of their decryption service, they demand ransoms of unspecified sums for the total restoration of a server's data. Malware experts recommend against paying con artists for decryption help, which traditionally uses payment channels that don't allow refunds when the promised solution fails to materialize. While anti-malware products can't decrypt files, they can delete the B2DR Ransomware automatically and interrupt its payload.
The B2DR Ransomware gives anyone running Web servers with exploitable security more reasons to invest in a good backup solution. Although the B2DR Ransomware is far from unique, its lack of ties to threats like Hidden Tear makes free decryption less a promise than a hope that may or may not be realized in the future.