
BD Ransomware

Posted: September 11, 2020

The BD Ransomware is a file-locking Trojan that can block media on your computer by encrypting it. This attack targets documents, pictures, and similar content for holding for ransom. Appropriate backups often are the only viable recovery method afterward, although anti-malware products should remove the BD Ransomware before it starts encrypting anything.

Fake Cops by Another Name Want to Arrest Your Files

The occasional attack by a file-locking Trojan that's an independent project serves as a reminder that Ransomware-as-a-Service operations aren't the only forces still using encryption attacks for making money. In the former category, a minor Windows threat, the Police Ransomware, might appear again on victims' computers – but with a different name to go with it. The BD Ransomware is the apparent update of that weeks-older Trojan and shares most of its features, hostile and otherwise.

The BD Ransomware is a 32-bit Windows program that attempts self-obfuscation with a UPX packer. At under ten kilobytes, the extremely small Trojan uses features meant for extorting money out of its victims, such as:

  • The BD Ransomware encrypts files such as JPG images, DOC or PDF documents, and other digital media. This attack stops each file from opening, at least until the user decrypts it with a compatible service.
  • The BD Ransomware appends an extension to these files' names. The Police Ransomware uses the 'Police' extension, while the BD Ransomware uses 'BD.' This change is purely cosmetic.
  • The BD Ransomware drops a text ransom note in the same directories as any hostage media. This message is identical to the Police Ransomware equivalent, excepting different SMS and e-mail addresses. Interestingly, the same Bitcoin wallet is part of the ransom, suggesting either the same threat actor or that the BD Ransomware is an incomplete update. The BD Ransomware is much cheaper than the Police Ransomware, which uses the same ransom demand as the STOP Ransomware family's Ransomware-as-a-Service.
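The two observable traces listed above, a 'BD' extension appended to each hostage file and a text note dropped into the same directory, are enough for a first-pass triage scan of a suspect system. The following script is an added example for this article, not code from the page or from the Trojan's authors: it walks a directory tree, reports every directory containing '.BD' files, and lists small text files sitting beside them as candidate ransom notes. The note's filename is not given on the page, so treating any short .txt file in a hit directory as a candidate note is an assumption, as is the 4 KB size cap; the sample directory layout is constructed for the demonstration.

```python
"""Triage scan for directories touched by an extension-appending file-locker.

Added example for this article, not code from the original page or from the
Trojan's authors. It relies only on what the article states: encrypted files
gain a 'BD' extension and a text ransom note is dropped in the same directory.
The ransom note's filename is not on the page, so any small .txt file beside
.BD files is treated as a candidate note (an assumption).
"""
import os
import shutil
import tempfile
from collections import defaultdict

HOSTAGE_EXT = ".BD"          # extension named in the article
NOTE_MAX_BYTES = 4096        # assumption: ransom notes are short text files


def scan_for_hostage_files(root, hostage_ext=HOSTAGE_EXT):
    """Walk *root* and report directories that look hit.

    Returns {directory: {"encrypted": [names], "notes": [names]}} for every
    directory holding at least one file ending in *hostage_ext*. The match is
    case-insensitive because Windows file names are.
    """
    hits = defaultdict(lambda: {"encrypted": [], "notes": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(hostage_ext.lower()):
                hits[dirpath]["encrypted"].append(name)
        if dirpath not in hits:
            continue  # no hostage files here, so no note to look for
        # Only directories with hostage files are checked for a note candidate.
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(".txt") and os.path.getsize(full) <= NOTE_MAX_BYTES:
                hits[dirpath]["notes"].append(name)
    # Sorted copies make the report deterministic for logging or diffing.
    return {d: {"encrypted": sorted(v["encrypted"]), "notes": sorted(v["notes"])}
            for d, v in hits.items()}


def summarize(hits):
    """Reduce a scan result to the counts an incident summary needs."""
    encrypted = sum(len(v["encrypted"]) for v in hits.values())
    notes = sum(len(v["notes"]) for v in hits.values())
    return {"directories_hit": len(hits),
            "encrypted_files": encrypted,
            "note_candidates": notes}


def build_constructed_tree():
    """Create a throwaway tree mimicking a partially encrypted user profile.

    File names and contents are constructed for this example. Returns the
    temporary root; the caller is responsible for removing it.
    """
    root = tempfile.mkdtemp(prefix="bd_triage_")
    layout = {
        "Documents": ["report.doc.BD", "budget.pdf.BD", "readme.txt"],
        "Pictures": ["holiday.jpg.BD", "cat.jpg"],   # encryption interrupted
        "Downloads": ["setup.exe", "notes.txt"],     # untouched directory
    }
    for sub, names in layout.items():
        d = os.path.join(root, sub)
        os.makedirs(d)
        for name in names:
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(b"constructed sample content\n")
    return root


def run_demo():
    """Build the constructed tree, scan it, clean up, and return the summary."""
    root = build_constructed_tree()
    try:
        return summarize(scan_for_hostage_files(root))
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(run_demo())
```

On the constructed tree the scan flags Documents and Pictures but not Downloads, whose notes.txt is ignored because no hostage files sit beside it; that pairing requirement is what keeps ordinary text files out of the report. Pointing the scanner at a real volume would mean calling scan_for_hostage_files with the mount point instead of the temporary root.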

Enforcing the Law Against Trojans with Fraudulent Police in Their History

The BD Ransomware and the Police Ransomware have no affiliation with law enforcement in any nation, nor do malware experts rate them as likely members of the STOP Ransomware RaaS. Since the threat's encryption is under ongoing scrutiny, victims may or may not have a chance of recovering their work with free decryption tools. All users can best serve their files' security by preserving backups on other devices, such as detachable drives or a cloud service.

Malware researchers have yet to collect BD Ransomware samples from identifiable infection vectors, such as spam e-mails or torrents. Most installers for this threat use random names such as 'WU17sDZVZ12PQjL.' Users should have strong passwords for blocking brute-force attacks, disable features such as JavaScript, Flash, and macros, and continue avoiding illegal downloads like software cracks.

Even though this Trojan takes some minor steps towards hiding itself and shows few symptoms during its encryption routine, it's a low-level and primitive threat. A good anti-malware product should remove the BD Ransomware from an at-risk or infected Windows system automatically.

Copying programming 'homework' is far from a significant crime in the schedule of the average hacker. With Trojan resources available so readily, whether or not the BD Ransomware is an update of the Police Ransomware or just an imitation is far less relevant than the state of one's backup.
