
BG85 Ransomware

Posted: September 3, 2020

The BG85 Ransomware is a file-locker Trojan from the family of the AES-Matrix Ransomware. Besides blocking files on infected PCs, it may delete the user's unprotected backups. Attacks often use RDP or other manual-targeting strategies. All users should maintain robust Internet security protocols and have anti-malware services for removing the BG85 Ransomware before it causes significant data loss.

The BG85 Ransomware: Slightly Simpler and Just as Predatory

In terms of raw numbers, the AES-Matrix Ransomware isn't the biggest mover-and-shaker in the file-locking Trojan threat landscape. Still, its members, like the recently-uncovered BG85 Ransomware, are among the most threatening predators of files on poorly-protected Web servers, despite their more selective deployment. The BG85 Ransomware follows its brethren, like the ANN Ransomware, the CORE Ransomware, the FDFK22 Ransomware, and the Relock Ransomware, as a slightly dumbed-down continuation of past policies for media-abusing extortion.

The BG85 Ransomware blocks files by encrypting them and tends to target media-based formats, such as the ever-popular documents, images and spreadsheets. This family also includes a default anti-Restore Point feature for stopping victims from recovering from a local Windows backup. Victims can determine which files will not open by searching for the Trojan's extension, which references its name and appears to be a random string. The appended text also includes an e-mail address referring to the threat actor conducting the extortion.
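As an added, defender-side illustration that is not part of the original write-up, the following Python triage routine shows how the two behaviours just described (local backup removal and the appended extension) could be surfaced from endpoint process-creation and file-create events. The sample events are constructed, the shadow-copy command lines are an assumed mechanism for the anti-Restore Point feature (the page does not name one), and the exact shape of the extension pattern is likewise an assumption.

```python
import re

# Constructed Sysmon-style events (EventID 1 = process creation, 11 = file create).
# Illustrative samples only, not telemetry from a real BG85 infection.
SAMPLE_EVENTS = [
    {"EventID": 1, "CommandLine": "vssadmin.exe delete shadows /all /quiet"},
    {"EventID": 1, "CommandLine": "wmic shadowcopy delete"},
    {"EventID": 1, "CommandLine": "wbadmin delete catalog -quiet"},
    {"EventID": 1, "CommandLine": "notepad.exe C:\\Users\\bob\\notes.txt"},
    {"EventID": 11, "TargetFilename":
        "C:\\Users\\bob\\Documents\\budget.xlsx.[helpdesk@example.com].k3Qx9zLp-T7mVb2Rd.BG85"},
    {"EventID": 11, "TargetFilename": "C:\\Users\\bob\\Documents\\budget.xlsx"},
]

# Command lines that remove local Windows recovery points. The page only says the
# family disables Restore Points; mapping that to these commands is an assumption.
BACKUP_TAMPER = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)", re.I),
]

# Assumed shape of the appended extension: original name, bracketed contact e-mail,
# a random token, then ".BG85". Only the e-mail and family name are stated on the page.
RENAMED = re.compile(r"\.\[[^\s\[\]]+@[^\s\[\]]+\]\.[A-Za-z0-9-]+\.BG85$", re.I)


def triage(events):
    """Return (rule, evidence) pairs for events matching a BG85-style indicator."""
    alerts = []
    for ev in events:
        if ev.get("EventID") == 1:
            cmd = ev.get("CommandLine", "")
            if any(p.search(cmd) for p in BACKUP_TAMPER):
                alerts.append(("backup_tamper", cmd))
        elif ev.get("EventID") == 11:
            name = ev.get("TargetFilename", "")
            if RENAMED.search(name):
                alerts.append(("bg85_extension", name))
    return alerts


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_EVENTS):
        print(f"{rule}: {evidence}")
```

A backup_tamper hit on its own is a strong early signal, since recovery-point deletion typically precedes the encryption pass and the renamed files.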

The ransom note is one of the BG85 Ransomware's few points of difference from other family Trojans, like the also-recent ANN Ransomware. It uses less-ornate formatting for its text and omits some of the phrasings. However, the essentials of its contents are the same, including a three-file demonstration of the criminal's premium decryptor and multiple e-mails for negotiations. While malware analysts point to the use of a Criptext e-mail as unusual, the service is, as usual, a free and encryption-based one, chosen for the threat actor's affordability and anonymity.

Staying Off a Trojan Business's Paycheck

The AES-Matrix Ransomware family distributes members like the BG85 Ransomware through targeted attacks. Users may expose their servers through poor password selection or out-of-date software with publicly-known vulnerabilities. E-mails are another theme in these attacks and may carry documents with Trojan-dropping exploits or links to a Trojan dropper or downloader. The BG85 Ransomware is, however, limited to Windows environments.

The BG85 Ransomware's family has no significant weaknesses in its encryption, which keeps the affected files from opening regardless of their names or extensions. Users should carefully maintain backups on other systems and storage devices for all their recovery needs. This precaution applies particularly to media formats that are more likely to experience encryption-based attacks, such as DOCs, PDFs, JPGs, BMPs, RARs, XLSXs and more.

Anti-malware services have little recourse against threat actors that control a PC directly through Remote Desktop, a RAT's reverse shell or similar methods. For user-instigated exposure or later disinfection, however, these programs should remove the BG85 Ransomware properly.

With each member, Trojan families gain, not necessarily strength, but potential flexibility in finding their paths to victims. The BG85 Ransomware may arrive through any of the previously-referenced techniques or a new one, but in all cases, a safe backup will stop its ransom attempt in its tracks.
