
Bkransomware Ransomware

Posted: May 7, 2018

The Bkransomware Ransomware is a file-locking Trojan that uses a Secure Hash Algorithm to encrypt your files and stop them from opening in other programs. This encryption of data can damage documents and other recreational or work media, although the Bkransomware Ransomware shouldn't encrypt the operating system intentionally. Most anti-malware tools should delete the Bkransomware Ransomware safely, and saving regular backups can lower your risk of permanent damage from the infection.

Data Sabotage is Aiming for Your Cellphone

May is showing evidence of a still-developing campaign for a file-locking Trojan specializing in mobile or smartphone-style devices. The Trojan, the Bkransomware Ransomware, is not a relative of 'big name' threats like the Globe Ransomware or the Crysis Ransomware, but operates similarly, by using data encryption to capture data, before creating a ransom note through pop-ups. However, many of its minor details of operation show differences from those found in the underground industry of both Ransomware-as-a-Service and freeware Trojans.

The Bkransomware Ransomware is one of the few threats of its kind that uses SHA-based encryption as its primary encryption method, along with the additional protection of a ROT-based letter-substitution cipher. The Bkransomware Ransomware locks a handful of formats this way: Word, Adobe, and Notepad documents, PowerPoint presentations, C, C++ and Python programming files, JPG and BMP pictures, and SQL databases.

The Trojan's payload also generates a DOS-like Command Prompt pop-up that, in current samples, delivers English-based ransoming instructions for 50k via Viettel, which is a mobile phone SIM card that's prominent in Vietnam. Phone-based voucher ransoms are also typical of other Asia- and Europe-based campaigns. In their past analyses of similar attacks, malware experts found notable examples of file-locking and pop-up-generating threats abusing similar products, including the Faizal Ransomware, the Haze Ransomware, and the Policia Federal Virus.

Keeping Musically Inclined Trojans Away from Your Files

The '.hainhc' extension that the Bkransomware Ransomware adds suggests that the Trojan's campaign will use the theme of music software or media, such as free MP3 downloads. It also, unsurprisingly, indicates the Trojan's preference for Vietnamese-based victims, even though the SHA encryption routine should affect data on phones and PCs for other users, regardless of their location. Malware experts encourage using a backup or contacting an established cyber-security researcher for a decryption solution, instead of paying the Viettel fee for unlocking any files.
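For scoping the damage before restoring from a backup, the following added example (not part of the original article, and not any vendor's code) walks a directory tree, finds files carrying the '.hainhc' extension, and groups them by the formats listed above. The mapping from format names to file extensions, and the assumption that the extension is appended to the original file name, are assumptions; the sample tree is constructed.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".hainhc"  # extension named in the article

# Assumption: common extensions for the formats the article lists.
TARGETED = {
    ".doc": "Word", ".docx": "Word", ".pdf": "Adobe", ".txt": "Notepad",
    ".ppt": "PowerPoint", ".pptx": "PowerPoint", ".c": "C", ".cpp": "C++",
    ".py": "Python", ".jpg": "JPG", ".bmp": "BMP", ".sql": "SQL",
}

def find_locked(root):
    """Yield (path, original_name, format_label) for files ending in the suffix."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(LOCKED_SUFFIX):
                continue
            # Assumption: the suffix is appended, e.g. report.docx.hainhc
            original = name[: -len(LOCKED_SUFFIX)]
            ext = Path(original).suffix.lower()
            yield Path(dirpath) / name, original, TARGETED.get(ext, "unlisted")

def triage(root):
    """Count locked files per format; list originals still beside a locked copy."""
    counts, intact = Counter(), []
    for path, original, label in find_locked(root):
        counts[label] += 1
        if original and (path.parent / original).is_file():
            intact.append(original)
    return dict(counts), sorted(intact)

def demo():
    """Run triage over a constructed sample tree of empty placeholder files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        for rel in ("report.docx.hainhc", "photo.JPG.hainhc", "notes.txt",
                    "archive.zip.hainhc", "db/dump.sql", "db/dump.sql.hainhc"):
            (root / rel).touch()
        return triage(root)

if __name__ == "__main__":
    counts, intact = demo()
    print("locked files by format:", counts)
    print("originals still present:", intact)
```

The per-format counts show which backups need restoring first, and files labelled "unlisted" fall outside the formats the article names and deserve a closer look.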

Threats like the Bkransomware Ransomware can circulate on file-sharing networks, come attached to e-mail messages with forged contents, or use delivery methods that require minimal consent from the user, such as a drive-by-download attack triggering through a compromised advertising ring. Due to the variety of possible infection vectors, and because the Bkransomware Ransomware's campaign is still in development, malware experts can't confirm just one infection strategy. Use a professional anti-malware product for blocking and deleting the Bkransomware Ransomware preemptively, if at all possible.

The Bkransomware Ransomware is neither the first nor the last Trojan to employ encryption for sabotaging the files of phone owners. Although there may be hope of the cyber-security industry breaking its SHA-based encryption, the countless victims of similar attacks don't always have such free solutions available to them.
