'beatifulgirls@youknowmynameisbob.online' Ransomware

Posted: January 14, 2020

The 'beatifulgirls@youknowmynameisbob.online' Ransomware is a file-locker Trojan that can block media files on your PC by encrypting them. Additional characteristics of infections include 'locked' extensions added to your media, along with HTML ransom notes in English. Users should treat it like similar threats: delete the 'beatifulgirls@youknowmynameisbob.online' Ransomware with proper anti-malware utilities, then recover from their most current backup.

A Not Particularly Beautiful Program

Samples of a new and unaffiliated file-locking Trojan are showing up in threat databases, with evident inclinations towards extortion and fraud. The Trojan, the 'beatifulgirls@youknowmynameisbob.online' Ransomware, has some symptoms in common with old threats like the Mespinoza Ransomware, the Dragon Ransomware, and even Trojans as old as the TBHRanso Ransomware. However, it's entirely new, and not, most likely, a Ransomware-as-a-Service product.

The 'beatifulgirls@youknowmynameisbob.online' Ransomware is a Windows program that's being dropped by a 'calc.exe.sus' file – possibly, a fake accounting application, since SUS is a format associated with UK accounting software. The 'beatifulgirls@youknowmynameisbob.online' Ransomware's installer also hides as a Windows automatic update utility. Once it runs, the 'beatifulgirls@youknowmynameisbob.online' Ransomware launches several attacks:

  • The encryption routine blocks files (documents, pictures, etc.) with an unidentified algorithm, such as AES. This data encryption stops the files from opening.
  • File names of these files also acquire new 'locked' extensions, which is a symptom that the Trojan shares with some of the previously-mentioned ones.
  • Lastly, the program creates a custom HTML file that malware experts link to no particular Ransomware-as-a-Service family. The grammatically poor English text solicits Bitcoin payments to its wallet, amounting to somewhat over one thousand USD at current rates. Victims risking the transaction also gamble on the criminal honoring their word, which isn't always likely.
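The three symptoms above can be checked during triage with a read-only sweep of a user profile or file share. The following is an added example, not code from the original article or from any vendor. The exact '.locked' spelling, the presence of the contact address inside the HTML note, and the sample file names are assumptions.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article; their exact on-disk forms are assumptions.
LOCKED_SUFFIX = ".locked"      # assumed spelling of the 'locked' extension
DROPPER_NAME = "calc.exe.sus"  # dropper file name given in the article
CONTACT = b"beatifulgirls@youknowmynameisbob.online"  # assumed to appear in the note
NOTE_SUFFIXES = {".html", ".htm"}
MAX_NOTE_BYTES = 1_000_000     # cap reads so large HTML files do not stall the sweep


def triage(root):
    """Walk root read-only and return the paths matching each symptom."""
    hits = {"locked": [], "dropper": [], "note": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(LOCKED_SUFFIX):
                hits["locked"].append(path)
            elif lower == DROPPER_NAME:
                hits["dropper"].append(path)
            elif path.suffix.lower() in NOTE_SUFFIXES:
                try:
                    with open(path, "rb") as fh:
                        body = fh.read(MAX_NOTE_BYTES)
                except OSError:
                    continue  # unreadable file: skip it, keep sweeping
                if CONTACT in body.lower():
                    hits["note"].append(path)
    return hits


def build_sample_tree(root):
    """Constructed sample data: harmless files that mimic the symptoms."""
    docs = Path(root) / "Documents"
    docs.mkdir()
    (docs / "report.docx.locked").write_bytes(b"\x00" * 16)
    (docs / "photo.jpg").write_bytes(b"\xff\xd8")
    (docs / "README.html").write_text("Contact beatifulgirls@youknowmynameisbob.online")
    (docs / "index.html").write_text("<p>ordinary page</p>")
    (Path(root) / "calc.exe.sus").write_bytes(b"placeholder")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, paths in triage(tmp).items():
            print(kind, [p.name for p in paths])
```

A count of 'locked' files that grows between two sweeps indicates encryption is still in progress, which is the point to isolate the host before restoring from backup.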

Rejecting a Girl that Means No Good

While the 'beatifulgirls@youknowmynameisbob.online' Ransomware's ransoming instructions are in English, the numerous errors present suggest that the author isn't a native speaker. Regardless of his theoretical residence, file-locker Trojans like the 'beatifulgirls@youknowmynameisbob.online' Ransomware are generally capable of blocking the data on most users' PCs. Unfortunately, malware experts see at least one possible piece of evidence of a victim already having made a ransom payment to the Trojan's wallet, despite the well-established risk of not getting an unlocker out of it.

Although recovering encrypted data is sometimes not possible, users can do many things to protect their files before an infection. Installing security updates and disabling threatening features like your browser's JavaScript or Word's macros can close many vulnerabilities that criminals use for remote code execution, privilege escalation, and general drive-by-downloads. Saving one's backup to a separate device can give an easy recovery option for any documents or other content that the 'beatifulgirls@youknowmynameisbob.online' Ransomware sabotages.

As a rule, most anti-malware products include detection rulesets for file-locker Trojans like the 'beatifulgirls@youknowmynameisbob.online' Ransomware. Five out of seven brands are flagging this program's samples and should remove the 'beatifulgirls@youknowmynameisbob.online' Ransomware without any problems. However, its dropper, 'calc.exe.sus,' is seeing far fewer detections; malware experts recommend updating outdated databases, when possible, to raise these rates.

Whatever its author's real name is, the 'beatifulgirls@youknowmynameisbob.online' Ransomware shows off how easily a Black Hat programmer can make money. Even a single ransom payment provides the 'beatifulgirls@youknowmynameisbob.online' Ransomware with over a thousand dollars in profits – which is why everyone should think twice before rewarding the Trojan for its misdeeds.
