
'.BadNews File Extension' Ransomware

Posted: August 29, 2018

The '.BadNews File Extension' Ransomware is a file-locking Trojan that uses most of the code of the LockCrypt Ransomware. Attacks by this threat can block your files, such as various formats of media and workplace documentation, by encrypting them. Since not all releases of this family have freeware decryptors, victims are recommended to have backups in case of infections by the non-decryptable versions of the LockCrypt Ransomware. Professional anti-malware programs can defend your files by deleting the '.BadNews File Extension' Ransomware as a threat automatically.

The Latest Subscription to Bad PC News

One year after the introduction of the original Trojan, another build of the LockCrypt Ransomware is seeing new analysis by the cyber-security industry. This version, the '.BadNews File Extension' Ransomware, drops a slightly more sophisticated version of its ransoming message than usual and is a general showcase of its threat actors' willingness to continue the file-locking Trojan's overall development. Regarding any locked file recovery, malware experts have yet to analyze its encryption method for weaknesses that could lead to a solution.

Besides using a different form of ransoming message, the '.BadNews File Extension' Ransomware has most of the features of the first LockCrypt Ransomware, such as a filename modifier that adds an ID-based 'serial number' and a new extension, and a data encryptor that 'locks' these files. Unfortunately, sample availability limitations prevent malware experts from determining, for now, whether the '.BadNews File Extension' Ransomware is using a decryptable or non-decryptable attack – the LockCrypt Ransomware family includes examples of both.

Instead of dropping Notepad ransom notes, as was done previously, the '.BadNews File Extension' Ransomware creates HTML Application (HTA) files, which are advanced Web pages, with an ID and an address over BitMessage for negotiating the ransom for the decryption service. The omission of any details on the price is typical for the '.BadNews File Extension' Ransomware's family and could be a tactic the threat actors use for maximizing how much the victim pays, whether or not the decryptor is sent to them afterward.

Tossing the News Out of Your Server

The '.BadNews File Extension' Ransomware and other variations of the LockCrypt Ransomware, such as the notably more secure LockCrypt 2.0 Ransomware, are significant for attacking business networks instead of random, casual PC owners. These infections make prominent use of Remote Desktop or RDP exploits, as well as brute-force tools. Some of the security steps malware experts recommend in these situations include:

  • Double-check your Remote Settings by right-clicking the PC or My Computer Icon and selecting Properties, then the appropriate tab. You may disable remote connections or only allow them for those with additional network authorization.
  • Login credentials that are at risk from brute-force attacks may be using short, easy-to-guess, or default values for their passwords and account names. Long, complex strings of text with multiple alphanumeric values in varying cases are less vulnerable.
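
The two checks above can also be run from PowerShell. This is an added example, not part of the original article: it assumes 'additional network authorization' refers to Network Level Authentication, and the 24-hour window and threshold of 20 failures are illustrative values to tune for your network.

```powershell
# Added example: read-only audit of the settings behind the "Remote" tab of
# System Properties, plus a count of failed remote logons per source address.
# Run in an elevated PowerShell session on the Windows host being checked.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = Join-Path $ts 'WinStations\RDP-Tcp'

function Get-RdpExposure {
    # fDenyTSConnections = 1 means remote connections are disabled.
    $deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections
    # UserAuthentication = 1 means Network Level Authentication is required.
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber
    [pscustomobject]@{
        RdpEnabled  = ($deny -eq 0)
        NlaRequired = ($nla -eq 1)
        Port        = $port
    }
}

function Get-FailedRemoteLogons {
    # Defaults are assumptions for illustration, not values from the article.
    param([int]$Hours = 24, [int]$Threshold = 20)
    # Event 4625 = failed logon. LogonType 10 = RemoteInteractive (RDP);
    # LogonType 3 = Network, which is how failures behind NLA are usually
    # logged (it also covers other network logons such as file shares).
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = @{}
            ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
            if ($d['LogonType'] -in '3','10') {
                [pscustomobject]@{ Source = $d['IpAddress']; Account = $d['TargetUserName'] }
            }
        } |
        Group-Object Source |
        Where-Object Count -ge $Threshold |
        Select-Object @{n='Source';e={$_.Name}}, Count,
                      @{n='Accounts';e={($_.Group.Account | Sort-Object -Unique) -join ','}}
}

$rdp = Get-RdpExposure
$rdp
if ($rdp.RdpEnabled -and -not $rdp.NlaRequired) {
    Write-Warning 'RDP is enabled without Network Level Authentication.'
}
Get-FailedRemoteLogons -Hours 24 -Threshold 20 | Sort-Object Count -Descending
```

On domain-joined machines, Group Policy can override these registry values, so confirm the effective policy as well.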

An AV vendor provides a free decryption solution for the '.BadNews File Extension' Ransomware's family, but its compatibility with this variant is untested. Backing up files to secure drives on other devices can reduce the danger to your media, and many anti-malware products should delete the '.BadNews File Extension' Ransomware at the initial infection stage.

The '.BadNews File Extension' Ransomware is suitably named, but no more or less of a problem than most other RDP-abusing Trojans of the same general type. A good backup and a well-maintained network are all that users need for making its ransom demands harmless.
