
B2DR Ransomware

Posted: March 28, 2018

The B2DR Ransomware is a file-locking Trojan that takes your media hostage while delivering ransom notes asking for money to unlock them. The B2DR Ransomware's campaign is targeting business sector-based victims and is unrelated to notable families of similar threats, such as Hidden Tear or the Globe Ransomware. Backing up your work to secure devices and keeping anti-malware utilities for removing the B2DR Ransomware preemptively are the best responses available to most PC users.

Servers Under Assault for Ransoms

Although file-locking threats hailing from previously-analyzed families, especially RaaS ones, make up the bulk of malware experts' analyses, not every Trojan of this classification has a family tree. The lack of links between the new B2DR Ransomware and other Trojans with similar features makes it likely that its campaign is the result of threat actors coding their software independently and launching it without the rental services of the average Ransomware-as-a-Service product.

Live attacks from the B2DR Ransomware's threat actors are introducing the Trojan via unknown means, although RDP exploits, brute-force hacking of login credentials, and e-mail attachments are some of the most likely infection vectors. Once it has access to the server, the B2DR Ransomware searches for media to encrypt using a secure, AES-based enciphering routine. This function also includes files of significant sizes, up to several gigabytes, which implies that its whitelist is custom-made for the intended, business sector targets. Like many threats, the B2DR Ransomware also adds an e-mail address (for negotiating) and a unique extension ('.B2DR') to the filenames.

The threat actors also configured the B2DR Ransomware to drop ransom notes in text format, which give the user an ID and further contact details for negotiating a ransom payment for a decryptor. While malware experts don't encourage making such payments, any free 'sample' decryption services that the threat actors provide may be useful for recovering especially valuable data.
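As an added incident-triage example (not code from the original article or from the Trojan), the script below walks a server share, inventories every file renamed with the '.B2DR' extension so responders know what to restore from segregated backups, and flags candidate text ransom notes. The note heuristic (a small .txt file holding an e-mail address and the word 'ID'), the `triage`/`build_sample_tree` names and the sample directory contents are assumptions made for this example.

```python
import os
import re
import tempfile
from collections import Counter

B2DR_EXT = ".B2DR"                                  # extension the Trojan appends (from the article)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")   # assumed: notes carry a contact e-mail
MAX_NOTE_BYTES = 8192                               # assumed: ransom notes are short text files


def looks_like_ransom_note(path):
    """Heuristic (assumption): small .txt file containing an e-mail address and a victim ID."""
    if not path.lower().endswith(".txt") or os.path.getsize(path) > MAX_NOTE_BYTES:
        return False
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    return bool(EMAIL_RE.search(text)) and "ID" in text


def triage(root):
    """Walk `root`; return encrypted files with their pre-rename names, per-directory
    counts, and candidate ransom notes, so the restore list can be built from backups."""
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.endswith(B2DR_EXT):
                encrypted.append((full, name[: -len(B2DR_EXT)]))   # strip '.B2DR'
                per_dir[os.path.relpath(dirpath, root)] += 1
            elif looks_like_ransom_note(full):
                notes.append(full)
    return {"encrypted": sorted(encrypted), "per_dir": dict(per_dir), "notes": sorted(notes)}


def build_sample_tree():
    """Constructed sample share mimicking a post-infection state (not real victim data)."""
    root = tempfile.mkdtemp(prefix="b2dr_demo_")
    os.makedirs(os.path.join(root, "shares", "finance"))
    samples = [
        ("shares/finance/q1.xlsx" + B2DR_EXT, b"\x00ciphertext\x00"),
        ("shares/finance/budget.docx" + B2DR_EXT, b"\x00ciphertext\x00"),
        ("shares/finance/README.txt", "Your ID: 0001\nContact: attacker@example.invalid\n"),
        ("shares/clean.txt", "untouched file\n"),
    ]
    for rel, body in samples:
        with open(os.path.join(root, rel), "wb" if isinstance(body, bytes) else "w") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    result = triage(build_sample_tree())
    for full, original in result["encrypted"]:
        print(f"encrypted: {full}  (restore '{original}' from offline backup)")
    print("candidate ransom notes:", result["notes"])
```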

Keeping Your Server's Data Clear of Ransom Notes

The B2DR Ransomware includes some limited capabilities for erasing server backup data, and malware researchers recommend segregating any backups so that Trojans like it can't delete the best way of restoring your files. For preventing infections, victims should remain mindful that insecure login combinations, such as extremely short or simple passwords, are very vulnerable to brute-force software that could help hackers gain internal server access. E-mailed spam is also a heavily trafficked infection vector, most often using custom-crafted documents with embedded exploits to install threats like the B2DR Ransomware.

Although the B2DR Ransomware's authors are providing limited samples of their decryption service, they demand ransoms of unspecified sums for the total restoration of a server's data. Malware experts recommend against paying for the con artists' decryption help, which traditionally uses channels that don't allow refunds if the promised solution is never delivered. While anti-malware products can't decrypt files, they can delete the B2DR Ransomware automatically and interrupt its payload.

The B2DR Ransomware provides anyone with Web servers and exploitable security with more reasons to invest in a good backup solution. Although the B2DR Ransomware is far from unique, its lack of ties to threats like Hidden Tear does make free decryption less of a promise than a dream that may or may not become real, in the future.
