
Bad Ransomware

Posted: June 16, 2020

The Bad Ransomware is a file-locking Trojan that's a part of a well-known Ransomware-as-a-Service, the Dharma Ransomware. The most acute symptoms of infection include the deletion of the Restore Points and media files that the Trojan's encryption feature has blocked. Anti-malware software may uninstall the Bad Ransomware from Windows systems, but backups remain necessary for recovering anything locked.

An Appropriate Name for Software that Always Brings Bad News

The Dharma Ransomware's family service still sees customers: other criminals hiring the Trojan as an alternative to making the program from scratch. With a pedigree that stretches back years, through Trojans like the 4k Ransomware, the GTF Ransomware, the Love$ Ransomware, and the Save Ransomware, the illicit business is nowhere close to a stopping point. Summer iterations like the Bad Ransomware continue proving the point that betting on encryption against the unprepared is a reasonably low-risk gamble.

The Bad Ransomware uses a secure encryption routine, like most Ransomware-as-a-Service families, for blocking different media formats on infected PCs. The Windows Trojan also issues commands that wipe the Restore Point and the Shadow Volume Copy data to block off the recovery options for victims. Users can find the encrypted, non-opening files by searching for the 'bad' extensions, IDs, and e-mails that the Bad Ransomware injects into filenames.
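The filename search described above, as an added example that is not part of the original article: a Python script that inventories renamed files under a folder and extracts the ID and contact e-mail for an incident report and restore plan. The layout `<original>.id-<ID>.[<e-mail>].bad` is an assumption based on the naming commonly reported for the Dharma family, and the function names are hypothetical.

```python
import re
from collections import Counter
from pathlib import Path

# Assumed layout (not given on the page): <original name>.id-<ID>.[<e-mail>].bad
LOCKED_NAME = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z-]+)"
    r"\.\[(?P<email>[^\[\]\s]+@[^\[\]\s]+)\]\.bad$",
    re.IGNORECASE,
)

def parse_locked_name(name):
    """Split a renamed file into original name, ID and contact e-mail, or return None."""
    match = LOCKED_NAME.match(name)
    return match.groupdict() if match else None

def inventory(root):
    """Walk root and return one record per file whose name carries the appended marker."""
    records = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        fields = parse_locked_name(path.name)
        if fields:  # a plain "notes.bad" without ID and e-mail is not counted
            fields["path"] = str(path)
            records.append(fields)
    return records

def summarise(records):
    """Aggregate what an incident report and a backup restore plan need."""
    types = Counter(Path(r["original"]).suffix.lower() or "(none)" for r in records)
    return {
        "locked_files": len(records),
        "victim_ids": sorted({r["victim_id"] for r in records}),
        "contact_emails": sorted({r["email"].lower() for r in records}),
        "by_original_type": dict(types),
        "by_directory": dict(Counter(str(Path(r["path"]).parent) for r in records)),
    }

if __name__ == "__main__":
    import sys
    report = summarise(inventory(sys.argv[1] if len(sys.argv) > 1 else "."))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it read-only against a mounted copy or share; the per-directory and per-type counts show which backup sets need restoring.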

While the Bad Ransomware delivers a Notepad ransoming note, it also provides much more information in its pop-up. The template for its ransom demands is similar to those of other Dharma Ransomware releases, meaning a preference for TOR anonymity over the Web and backup addresses for negotiations. Malware experts recommend that users who have other options not pay; some file-locking Trojans don't include legitimate decryptors, and con artists may take the money and run.

Turning a Bad Ransomware into a Better Situation

Businesses that leave their RDP settings inadequately secured are at high risk of encountering file-locking Trojans, from the Bad Ransomware's family and others. Employees should also be careful around e-mails carrying attachments, even if the files are seemingly customized documents that are relevant to their workplace. Software updates will also prevent many of the exploits that criminals use to spread file-locking Trojans throughout servers owned by NGOs, businesses and governments.

While everyone can save backups for recovering files, users also can maintain standards for Web-browsing security independently. While browsing the Web, turning off Flash, Java and JavaScript will counteract numerous vulnerabilities. Illicit downloads also should be avoided at all times, thanks to their abuse as Trojan carriers.

Trustworthy anti-malware protection in Windows environments should counteract most infections immediately. Besides removing the Bad Ransomware installations, appropriate cyber-security tools can also stop drive-by-downloads, remote code-executing macros and other attacks that distribute these threats.

As months and years pass with more verifiable attacks converting files into hostages, users have fewer reasons than ever to take their backup technology for granted. A basic cloud service or even a removable storage device can stop the Bad Ransomware from transforming a good day into a bad one.
