BD Ransomware Description
The BD Ransomware is a file-locking Trojan that can block media on your computer by encrypting it. This attack targets documents, pictures, and similar content and holds them for ransom. Appropriate backups are often the only viable recovery method afterward, although anti-malware products should remove the BD Ransomware before it starts encrypting anything.
Fake Cops by Another Name Want to Arrest Your Files
The occasional attack by a file-locking Trojan that's an independent project serves as a reminder that Ransomware-as-a-Service operations aren't the only forces still using encryption attacks to make money. One such independent project, a minor Windows threat called the Police Ransomware, might appear again on victims' computers, but under a different name. The BD Ransomware is the apparent update of that Trojan, which is only weeks older, and shares most of its features, hostile and otherwise.
The BD Ransomware is a 32-bit Windows program that attempts self-obfuscation with a UPX packer. At under ten kilobytes, the extremely small Trojan uses features meant for extorting money out of its victims, such as:
- The BD Ransomware encrypts files such as JPG images, DOC or PDF documents, and other digital media. This attack stops each file from opening, at least until the user decrypts it with a compatible service.
- The BD Ransomware appends an extension to these files' names. The Police Ransomware uses the 'Police' extension, while the BD Ransomware uses 'BD.' This change is purely cosmetic.
- The BD Ransomware drops a text ransom note in the same directories as any hostage media. This message is identical to the Police Ransomware equivalent, except for different SMS and e-mail addresses. Interestingly, the same Bitcoin wallet is part of the ransom, which indicates the same threat actor or, possibly, that the BD Ransomware is an incomplete update. The BD Ransomware's ransom is much cheaper than that of the Police Ransomware, which uses the same ransom demand as the STOP Ransomware family's Ransomware-as-a-Service.
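The renamed files and the identical note dropped beside them give responders a way to scope the damage on a disk image or restored share. The following Python sketch is an added example, not code from the original page or any vendor tool; it assumes the extension is appended as a final '.BD' or '.Police' suffix and, because the page does not name the note file, treats any small .txt file whose identical content appears only in affected directories as a candidate note.

```python
import hashlib
import os
from collections import defaultdict

# Extensions named on the page; matching them as a final suffix is an assumption.
LOCKED_SUFFIXES = (".bd", ".police")
MAX_NOTE_BYTES = 64 * 1024  # assumption: a text ransom note is small


def scope_damage(root):
    """Return ({directory: [locked file names]}, [(sha256, [note paths])])."""
    locked = defaultdict(list)      # directory -> renamed (encrypted) files
    note_dirs = defaultdict(set)    # sha256 of a .txt file -> directories holding it
    note_paths = defaultdict(list)  # sha256 -> full paths of every copy
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(LOCKED_SUFFIXES):
                locked[dirpath].append(name)
            elif lower.endswith(".txt"):
                try:
                    if os.path.getsize(path) > MAX_NOTE_BYTES:
                        continue
                    with open(path, "rb") as fh:
                        digest = hashlib.sha256(fh.read()).hexdigest()
                except OSError:
                    continue  # unreadable file: skip it, keep sweeping
                note_dirs[digest].add(dirpath)
                note_paths[digest].append(path)
    # The note sits next to the hostage files, so the same text should recur
    # in at least two affected directories and never in an unaffected one.
    candidates = []
    for digest, dirs in note_dirs.items():
        affected = dirs & set(locked)
        if len(affected) >= 2 and len(affected) == len(dirs):
            candidates.append((digest, sorted(note_paths[digest])))
    return dict(locked), candidates


if __name__ == "__main__":
    import sys
    locked, candidates = scope_damage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for directory, names in sorted(locked.items()):
        print(f"{len(names):6d} locked files  {directory}")
    for digest, paths in candidates:
        print(f"possible ransom note {digest[:12]} x{len(paths)}: {paths[0]}")
```

Run it against a read-only mount or a copy of the affected volume; the per-directory counts show which backups need restoring, and the candidate note holds the contact details an incident report would record.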
Enforcing the Law Against Trojans with Fraudulent Police in Their History
The BD Ransomware and the Police Ransomware have no affiliation with law enforcement in any nation, nor do malware experts rate it as a likely member of the STOP Ransomware RaaS. Since the threat's encryption is under ongoing scrutiny, victims may or may not have a chance of recovering their work with free decryption tools. All users can best serve their files' security by preserving backups on other devices, such as detachable drives or a cloud service.
Even though this Trojan takes some minor steps towards hiding itself and shows few symptoms during its encryption routine, it's a low-level and primitive threat. A good anti-malware product should remove the BD Ransomware from an at-risk or infected Windows system automatically.
Copying programming 'homework' is far from a significant crime in the schedule of the average hacker. With Trojan resources so readily available, whether the BD Ransomware is an update of the Police Ransomware or just an imitation is far less relevant than the state of one's backup.