'backtonormal@foxmail.com' Ransomware

The 'backtonormal@foxmail.com' Ransomware is a new version of the Dharma Ransomware, a file-locker Trojan marketing under the Ransomware-as-a-Service model. The 'backtonormal@foxmail.com' Ransomware attacks may keep your files from opening, change their names, and drop ransoming messages on your computer. The threat's campaign is global and attacks multiple regions and OS environments around the world opportunistically. Have your anti-malware programs delete the 'backtonormal@foxmail.com' Ransomware before recovering any encrypted files through unharmed backups immediately.

The Dharma Ransomware's Next Edition Takes the World by Storm

Although Ransomware-as-a-Service is a business model that lets the criminals distribute similar Trojans both quickly and through a variety of exploits, some threat actors take advantage of this methodology more than others do. The 'backtonormal@foxmail.com' Ransomware is one of the most rapidly-expansive variants of the Dharma Ransomware to date, although its core set of features is no different from that of other versions of this branch of the Crysis Ransomware family. As of this month, the 'backtonormal@foxmail.com' Ransomware's attacks are holding hostage the media of over two dozen victims in multiple countries.

Less conventionally, the 'backtonormal@foxmail.com' Ransomware also includes some Mac-based victims in its attacks, along with the usual Windows-based servers. Traditional infection vectors involve the abuse of spam e-mails or unsafe network settings, such as open ports and lax RDP configurations, that give the threat actor ways of accessing the system and installing their file-locker Trojan remotely. After the installation, the 'backtonormal@foxmail.com' Ransomware blocks various digital media formats across the computer's available drives efficiently, which includes such typical data types as text documents, pictures, and archives, as well as many others.

The 'backtonormal@foxmail.com' Ransomware's name-editing function gives these 'imprisoned' files new extensions ('.betta'), ID numbers, and e-mail addresses, and creates a text message that gives the victim a series of ransom demands. Most of the modern versions of the Dharma Ransomware are not compatible with free, public decryption services. Nonetheless, malware researchers don't recommend paying ransoms for decryptors that may not arrive, or be functional, until you test other data recovery solutions comprehensively.

Having Your Files Back to Normal without Paying a Stiff Price

Most versions of the Dharma Ransomware sub-family of the Crysis Ransomware, such as the btc@fros.cc Ransomware, the '.bip File Extension' Ransomware, the guardbtc@cock.li Ransomware, and the '.onion File Extension' Ransomware, can attack network-mapped and unmapped drives. This feature makes these file-locker Trojans capable of harming the majority of a compromised network's data. For countering this, PCs with the 'backtonormal@foxmail.com' Ransomware infections should have their network connections turned off until you can remove the threat.

Workers with server access should have training on avoiding tactics using e-mail-based attacks, which are one of the most favorable infection strategies for file-locking Trojans. Avoiding login credentials that a brute-force tool could compromise is equally valuable. Most anti-malware brands, while not capable of unlocking your files directly, can protect them by deleting the 'backtonormal@foxmail.com' Ransomware with high success rates.

With less than two weeks of apparent activity, the 'backtonormal@foxmail.com' Ransomware has implemented data extortionist proceedings against more than thirty victims successfully. Making money off of businesses with slovenly server security is a business unto itself, as this youngest branch-off of the Crysis Ransomware shows so blatantly.