
bkp@cock.li Ransomware

Posted: September 21, 2018

The bkp@cock.li Ransomware is a variant of the Dharma Ransomware branch of the Crysis Ransomware family. Threat actors provide these file-locker Trojans to other criminals, usually via rentals, for conducting campaigns that block the victims' digital media and extort money for unlocking it. Unlocking your files with free software isn't always an option, and users should keep backups of their work while protecting their PCs with anti-malware tools for assisting with the bkp@cock.li Ransomware's removal.

The Next Crisis for Those without Backups

The lucrative nature of Ransomware-as-a-Service speaks for itself, and especially loudly with the Crysis Ransomware family, whose RaaS-based campaigns are being re-deployed, with small variations, throughout 2018. New versions, such as September's icrypt@cock.li Ransomware or the 'paydecryption@qq.com' Ransomware, and old ones, like the Supermagnet@india.com Ransomware and the 'Lavandos@dr.com' Ransomware, are similarly potent at blocking the private and work-related files of Windows PCs. Even within the past week, newly appearing releases like the bkp@cock.li Ransomware use the preexisting encryption standards of this software for extorting ransoms.

Based on its payload being a modest update of the Dharma Ransomware, the bkp@cock.li Ransomware uses two encryption standards for blocking content: Blowfish and the more conventional AES. With these encryption methods, the bkp@cock.li Ransomware locks and renames media such as pictures, documents, databases or spreadsheets, while also erasing the local Shadow Copy data (which Windows could use for restoring them). Although a decryption utility for counteracting the side effects of Dharma Ransomware infections is free to the public, the regular updates to this family, like those of most RaaS projects, make it uncertain whether it will work on recent versions like the bkp@cock.li Ransomware.
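Because the Trojan erases local Shadow Copy data, process-creation logs are one place a defender can catch that step. The following is an added example, not code from this article or from any vendor tool: it scans constructed log records for command-line shapes commonly used to remove Shadow Copies. The article does not say which mechanism this variant uses, so the rule list is an assumption, and the hosts and users are hypothetical.

```python
import re

# Command-line shapes commonly used to remove or shrink Volume Shadow Copies.
# Assumption: the article does not state which mechanism this variant uses.
SHADOW_COPY_RULES = [
    ("vssadmin delete shadows",
     re.compile(r"\bvssadmin(\.exe)?\"?\s+delete\s+shadows\b", re.I)),
    ("wmic shadowcopy delete",
     re.compile(r"\bwmic(\.exe)?\"?\s+shadowcopy\b.*\bdelete\b", re.I)),
    ("vssadmin resize shadowstorage",
     re.compile(r"\bvssadmin(\.exe)?\"?\s+resize\s+shadowstorage\b", re.I)),
]

# Constructed process-creation records (hypothetical hosts and users).
SAMPLE_EVENTS = [
    {"host": "WS-01", "user": "jdoe",
     "cmd": r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"},
    {"host": "WS-02", "user": "backupsvc",
     "cmd": "vssadmin list shadows"},                     # read-only, benign
    {"host": "SRV-03", "user": "admin",
     "cmd": "wmic   SHADOWCOPY    delete"},               # odd case and spacing
    {"host": "WS-04", "user": "jdoe",
     "cmd": r"notepad.exe C:\notes\how to delete shadows.txt"},  # text only
    {"host": "SRV-05", "user": "admin",
     "cmd": "vssadmin resize shadowstorage /for=C: /on=C: /maxsize=401MB"},
]


def find_shadow_copy_tampering(events):
    """Return one alert per event whose command line matches a rule."""
    alerts = []
    for event in events:
        # Collapse repeated whitespace so spacing tricks do not hide a match.
        cmd = " ".join(event["cmd"].split())
        for rule_name, pattern in SHADOW_COPY_RULES:
            if pattern.search(cmd):
                alerts.append({"host": event["host"], "user": event["user"],
                               "rule": rule_name, "cmd": cmd})
                break  # one alert per event is enough
    return alerts


if __name__ == "__main__":
    for alert in find_shadow_copy_tampering(SAMPLE_EVENTS):
        print(f"[ALERT] {alert['host']} ({alert['user']}): {alert['rule']}")
```

The resize rule can also match legitimate storage administration, so treat it as a lead to correlate with the account and parent process rather than as proof of an infection.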

Malware experts are confirming at least eight separate victims of the bkp@cock.li Ransomware attacks, with the infection methods currently unidentified. If its threat actors are keeping to the same strategies as in previous Dharma Ransomware campaigns, users can anticipate the following exploits:

  • E-mail attachments may be disguising the bkp@cock.li Ransomware's executable as a document, usually with the theme of workplace communication, a general-interest news article or a billing notice. In some cases, the criminal may attach an actual document, but embed a vulnerability inside of it for dropping the threat.
  • Brute-force attacks also are very commonplace with RaaS-style, file-locking Trojans. These attacks use Black Hat software for breaking login name and password combinations, which gives the criminal the option of installing the bkp@cock.li Ransomware, or other threats, with full admin privileges.

Stopping Your PC from Being on the Victim Side of a RaaS Business

While freeware decryption is questionable for the bkp@cock.li Ransomware, there are standard security steps that any user can take for making themselves less at risk from file-locking Trojans of its family. Whether you're administrating an office server or are using a home computer, always double-check e-mail attachments for safety purposes by scanning them with appropriate AV software. Keeping Word macros disabled and updating software like Adobe's PDF Reader also minimize the risks of spam-based attacks. Lastly, all users should avoid brute-force-vulnerable passwords, such as 'admin1' or 'password123,' and be sure to change their login credentials to combinations that are both unique and reasonably complex.

Since local backups are at risk from the bkp@cock.li Ransomware infections, just like those of competitors like the Scarab Ransomware, malware analysts recommend keeping at least one backup off of your work computer. Backing up to a detachable device or a cloud service with additional protection can save your files from an encryption-based hostage situation. Anti-malware programs of most brands are also removing the bkp@cock.li Ransomware safely, according to their default threat-detecting metrics.

What the time to come has in store for the bkp@cock.li Ransomware's family depends just as much on the victims as it does on the criminal programmers. Whatever files you might hold dear, protecting them instead of letting them be vulnerable to extortion should be an easy and painless decision.
