
BASS-FES Ransomware

Posted: November 21, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 115
First Seen: September 29, 2021
Last Seen: July 4, 2023
OS(es) Affected: Windows

The BASS-FES Ransomware is a variant of the Hidden Tear file-locking Trojan and, like the original version of that threat, can block you from opening files by enciphering them. This Trojan also generates Notepad messages requesting money for restoring any files it locks and may make false claims about its additional features, such as uploading data over a network. Malware researchers continue to advise that users preserve their media with backups and with anti-malware protection that can delete the BASS-FES Ransomware as soon as it is detected on the PC.

The Worst Service Notice You Can Get

Because it is very straightforward to modify Utku Sen's Hidden Tear project for illegal and profitable purposes, many unrelated groups of threat actors distribute their own custom variants of this software. The latest edition of this file-locking Trojan arrives with no programming or cryptography changes, but it does deliver messages that intentionally deceive the user about its attack features. This threat, the BASS-FES Ransomware, is not currently visible in the wild, despite already being functional.

The core of the BASS-FES Ransomware's payload is identical to that of the original Hidden Tear: a data-encrypting feature that can search for different files on the PC and lock them with an AES-based cipher. The threat actors may choose which media they target, locking specific formats, such as Word documents, or avoiding locations such as the Windows folder. The BASS-FES Ransomware displays no user interface while doing so.

Malware experts have found no duplicates of the BASS-FES Ransomware's Notepad-based 'service notices' in the campaigns of other Trojans, including the numerous variants of Hidden Tear. This note, which the BASS-FES Ransomware drops after blocking the victim's digital media, identifies the Trojan, demands a single Bitcoin in payment for a decryption service, and claims that the Trojan is also uploading your locked data to a cloud server. This last feature isn't a default part of the Hidden Tear family, and malware experts so far confirm that the BASS-FES Ransomware does not include it.

Pulling Your Files out of a Trojan's Encryption System

File-locking Trojans are active threats both to locally saved files and to files that users store on open-access devices, including any inadequately protected network or removable drives. The BASS-FES Ransomware's ransom converts to over eight thousand US dollars, and victims should, if possible, withhold payment until they have tested all practical, free alternatives for recovering their files. Besides keeping backups to defend your media proactively, malware experts also recommend testing the compatibility of the current decryption programs for Hidden Tear that various organizations in the AV sector provide at no cost.

The BASS-FES Ransomware works as its threat actor intends and can damage a comprehensive range of media in a Windows environment. However, its underlying campaign has not entered full distribution to either public or private entities, and malware experts can only estimate its possible infection methods. Use traditional anti-malware products to delete the BASS-FES Ransomware in any of its common disguises, such as fake e-mail attachments, or to uninstall it from your computer after it attacks.

The BASS-FES Ransomware's intentional delivery of fraudulent information along with its premium solution raises the question of how trustworthy its threat actor might be. As common sense might indicate, people who are willing to attack your PC and lie to you in the bargain may not be the best choice of people to trust for recovering what's yours.
