
Bloodjaws Ransomware

Posted: July 4, 2018

The Bloodjaws Ransomware is a file-locking Trojan that uses AES-256 encryption to keep documents and similar media from opening. Current versions of this threat provide the decryption solution free of charge, although future variants could change that and extort money in return for restoring your media. Let anti-malware products remove the Bloodjaws Ransomware when appropriate, and keep backups of your data elsewhere to reduce your exposure to malicious encryption.

The Jaws that Open Easier than Expected

A threat actor referring to himself as 'Virus Express' is developing a file-locking Trojan independently of readily copied families like Hidden Tear or the Jigsaw Ransomware. His creation, the Bloodjaws Ransomware, follows the conventional pattern of encrypting files with AES and dropping both image-based and text-based ransom notes. What sets the Bloodjaws Ransomware apart from other Trojans of its classification, however, is how it handles its bundled decryption application.

The AES-256 encryption that the Bloodjaws Ransomware uses may lock a range of user data formats, such as Word documents, JPG pictures, archives or spreadsheets, while leaving the operating system itself intact. After locking your media, the Bloodjaws Ransomware creates both a PNG image and a Notepad TXT file to convey its encryption warnings. It also drops the bundled decryption application on the PC.
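An incident responder's first question on a host like this is which files were actually locked. The script below is an added example, not Bloodjaws code and not taken from the page: it triages a set of files by the property that AES output is indistinguishable from random bytes, so an encrypted document has near-maximal byte entropy and has lost the magic bytes its original format carried. Compressed formats (JPEG, ZIP-based Office files, PNG) are also high-entropy, so the check consults a small magic-byte table first to avoid that false positive. The sample "files" and the magic table are constructed for the demonstration.

```python
"""Triage which files on a host are likely encrypted by a file-locker.

Added example, not Bloodjaws code. Heuristic: high byte entropy plus a
missing format signature suggests the file body has been encrypted.
"""
import math
import random
from collections import Counter

# Illustrative magic-byte prefixes for formats that are high-entropy by nature
# (assumption: a small table for the demo, not an exhaustive signature set).
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip/docx/xlsx",
    b"%PDF": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
}

ENTROPY_THRESHOLD = 7.5  # bits per byte; uniformly random bytes approach 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the byte-value distribution of data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def identify_magic(data: bytes):
    """Return the format name whose signature the file starts with, else None."""
    for prefix, name in MAGIC.items():
        if data.startswith(prefix):
            return name
    return None


def classify(data: bytes) -> str:
    """Return 'known-format:<name>', 'likely-encrypted' or 'plaintext'."""
    fmt = identify_magic(data)
    if fmt is not None:
        return "known-format:" + fmt      # compressed but still a real container
    if shannon_entropy(data) >= ENTROPY_THRESHOLD:
        return "likely-encrypted"         # random-looking body with no signature
    return "plaintext"


def triage(files: dict) -> dict:
    """Map each filename to its classification."""
    return {name: classify(content) for name, content in files.items()}


# Constructed sample files (deterministic pseudo-random bodies, no victim data).
_rng = random.Random(7)
_random_body = bytes(_rng.getrandbits(8) for _ in range(4096))
SAMPLE_FILES = {
    "report.docx": b"PK\x03\x04" + _random_body,      # genuine zip container
    "photo.jpg": b"\xff\xd8\xff\xe0" + _random_body,  # genuine JPEG header
    "notes.txt": b"Quarterly figures and meeting minutes.\n" * 100,
    "budget.xlsx": _random_body,                      # signature gone: simulates an AES-locked file
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_FILES).items():
        print(f"{name:14} {verdict}")
```

Two caveats for real use: some file-lockers prepend their own header or leave the original header in place and encrypt only part of the body, so a production triage should sample entropy at several offsets rather than trusting the first bytes alone, and the dropped PNG and TXT notes themselves will classify as a known format and plaintext respectively, which is a useful way to separate the notes from the victims.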

Currently, the Bloodjaws Ransomware's text file discloses the hard-coded password that the Trojan uses to secure its encryption routine, and the decryption component is available for public use at no charge. Since anyone holding the note also holds the key, the ransom model is broken by design, which makes it likely that the Bloodjaws Ransomware is an 'educational' or demonstrative black hat programming project. Malware analysts can connect Virus Express to similar projects, which are promoted via a YouTube channel.

The Bloodjaws Ransomware also claims, erroneously, to be a virus, although it has no virus-like capability to infect other files with its code; the label is, at most, colloquial.

Toning Down the Violence against Your Files

Although the Bloodjaws Ransomware may owe its existence purely to non-extortionist motives, file-locking Trojans frequently have their code hijacked by threat actors willing to use them for profit. Only minimal updates would be necessary to turn the Bloodjaws Ransomware against random PC users with a reworked encryption routine that no longer discloses the key, forcing victims to pay in Bitcoin or other non-refundable ransoms for their files. Because of this risk, malware researchers always advise treating file-locker Trojans as potential dangers to your PC's data and saving backups of your media on other devices.

Trojans with file-locking payloads often use the following means of circulating themselves:

  • Brute-force attacks can crack weak passwords and give remote attackers login access to a server, through which they may install threats like the Bloodjaws Ransomware over RDP or by similar means.
  • Spam e-mails, such as fake invoice attachments, may hide Trojan downloaders or droppers that specialize in infecting the PC with file-locking Trojans, spyware, backdoor Trojans or worms. The contents of these messages are often tailored to the victim.
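The RDP brute-force route in the list above leaves a recognisable trace: a burst of failed remote logons from one source followed by a success. The script below is an added example, not part of the original page and not Bloodjaws code: it runs a sliding-window rule over constructed log lines written in a simplified key=value shape modelled on Windows Security events 4625 (failed logon) and 4624 (successful logon) with logon type 10 (RemoteInteractive, i.e. RDP). The field names, the threshold and the IP addresses are assumptions chosen for the demonstration; real event exports carry many more fields.

```python
"""Flag RDP password guessing followed by a successful logon.

Added example, not part of the original page. Log format is a constructed
key=value simplification of Windows events 4625/4624.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5              # failures from one source inside the window
WINDOW = timedelta(minutes=2)   # sliding window for counting failures

# Constructed sample log: a guessing burst from 203.0.113.7 that ends in a
# successful logon, plus benign noise from another host and a local console logon.
SAMPLE_LOG = """\
2018-07-04T02:14:01 EventID=4625 LogonType=10 User=administrator Src=203.0.113.7
2018-07-04T02:14:03 EventID=4625 LogonType=10 User=administrator Src=203.0.113.7
2018-07-04T02:14:04 EventID=4625 LogonType=10 User=admin Src=203.0.113.7
2018-07-04T02:14:06 EventID=4625 LogonType=10 User=administrator Src=203.0.113.7
2018-07-04T02:14:09 EventID=4625 LogonType=10 User=backup Src=203.0.113.7
2018-07-04T02:14:12 EventID=4625 LogonType=10 User=administrator Src=203.0.113.7
2018-07-04T02:15:30 EventID=4624 LogonType=10 User=administrator Src=203.0.113.7
2018-07-04T02:20:00 EventID=4625 LogonType=10 User=jsmith Src=198.51.100.20
2018-07-04T02:21:00 EventID=4624 LogonType=10 User=jsmith Src=198.51.100.20
2018-07-04T03:00:00 EventID=4624 LogonType=2 User=jsmith Src=127.0.0.1
"""


def parse_line(line: str) -> dict:
    """Split '<iso-timestamp> key=value ...' into a dict with a datetime 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def analyse(log_text: str) -> dict:
    """Return {src_ip: {'brute_force': bool, 'success_after_failures': [users]}}.

    Only sources that crossed FAIL_THRESHOLD appear in the result.
    """
    recent_failures = defaultdict(deque)   # src -> failure timestamps inside WINDOW
    findings = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["LogonType"] != "10":       # only remote interactive (RDP) logons
            continue
        src, ts = rec["Src"], rec["ts"]
        q = recent_failures[src]
        while q and ts - q[0] > WINDOW:    # expire failures outside the window
            q.popleft()
        if rec["EventID"] == "4625":
            q.append(ts)
            if len(q) >= FAIL_THRESHOLD:
                findings.setdefault(src, {"brute_force": True, "success_after_failures": []})
        elif rec["EventID"] == "4624" and src in findings:
            # A success from a source already flagged is the high-priority alert:
            # the guessed password worked and an operator is now on the box.
            findings[src]["success_after_failures"].append(rec["User"])
    return findings


if __name__ == "__main__":
    for src, f in analyse(SAMPLE_LOG).items():
        print(src, "brute-force:", f["brute_force"],
              "logged in as:", f["success_after_failures"] or "nobody yet")
```

The success-after-failures finding is the one worth paging on: a bare failure burst from the internet is background noise on any exposed RDP port, whereas a success from the same source means the operator who is about to drop the file-locker already has a session. One caveat for adapting the rule: on hosts with Network Level Authentication enabled, failed RDP attempts are commonly recorded with logon type 3 rather than 10, so a production detection should accept both.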

Most file-locker Trojans don't provide a free decryption service, or do so only for a limited number of samples before demanding a ransom. Unfortunately, malware experts are finding that fewer than half of the AV products tested detect and delete the Bloodjaws Ransomware accurately, and all PC users should keep their security programs updated to counter this threat.

The Bloodjaws Ransomware may be a story with a happy ending for some of those who encounter it, but that isn't set in stone. Hidden Tear and EDA2 are the clearest examples of how a well-intentioned programming project can go wrong, to the tune of hundreds of ransom payments.
