BRansomware Ransomware
Posted: August 17, 2017
| Field | Value |
|---|---|
| Threat Level | 8/10 |
| Infected PCs | 9 |
| First Seen | August 17, 2017 |
| Last Seen | April 18, 2019 |
| OS(es) Affected | Windows |
The BRansomware Ransomware is a Trojan that tries to block your files by encrypting them with AES-256-CBC, although this function is buggy and the affected files may not be decryptable. Since this threat is under development, malware experts can't confirm any infection vectors or ransom-related components, but most threat actors will ask for Bitcoin payments for a decryptor that they may not provide afterward. Have anti-malware products block or uninstall the BRansomware Ransomware, as appropriate, before reverting to a backup.
Trojans Bidding 'Good Game' to You and Your Media
Following a con artist's advice for saving a captive is inherently a high-risk scenario, and this is true even when the hostage in question is digital content. Alongside the file-locking Trojans whose threat actors refuse to give up the compatible decryption solutions, malware analysts are also finding more cases of Trojans that use improper encryption in the first place. Whether it's deliberate or not, threats like the BRansomware Ransomware can cause file damage that is truly irreversible.
The BRansomware Ransomware appears to be built from the ground up, with no connections to major families of file-encoding threats like the Jigsaw Ransomware, EDA2, or the Globe Ransomware. The BRansomware Ransomware scans local drives for media, including documents and images, and tries to encrypt them using a variant of AES in Cipher Block Chaining (CBC) mode. However, mistakes made by the author cause the BRansomware Ransomware to corrupt the files irretrievably instead of encoding them.
The payload also includes an extension-appending function that uses '.GG' for flagging these files, along with an image file that malware analysts estimate is meant to become part of a wallpaper-hijacking attack. The threat actor has yet to develop proper ransoming instructions, and victims have limited information available for determining the nature of the infection besides the above symptoms and their files no longer opening.
Ending the Game that Con Artists Play with Your Files
Even in comparison to 'finished' threats, Trojans with incomplete features, like the BRansomware Ransomware, can provide equally pressing reasons to protect your files and PC. Because the current pseudo-encrypting function isn't reversible, victims of its attacks depend on having backups to restore from after disinfecting their PCs. Backups can be stored on detachable drives or protected network servers to keep Trojans of the BRansomware Ransomware's classification from deleting or encoding them. If this threat is updated towards a working version of AES, malware experts could recommend testing free decryption programs for any potential compatibility.
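To scope a restore after disinfection, the added example below (not code from this site or from any anti-malware product) inventories files carrying the '.GG' extension and checks whether each still begins with the signature of its original file type. The signature table, function names and sample files are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

MARKER = ".gg"  # '.GG' is the appended extension named above; matched case-insensitively

# Well-known leading bytes for a few document and image types (illustrative subset).
MAGIC = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".docx": (b"PK\x03\x04",),
}

def classify(path: Path) -> str:
    """Return 'header_intact', 'content_altered' or 'unknown_type' for a marked file."""
    original_ext = Path(path.stem).suffix.lower()  # report.pdf.GG -> .pdf
    signatures = MAGIC.get(original_ext)
    if signatures is None:
        return "unknown_type"
    with path.open("rb") as fh:
        head = fh.read(16)
    ok = head.startswith(signatures)
    return "header_intact" if ok else "content_altered"

def inventory(root):
    """Map each marked file to (original path to restore, classification)."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(MARKER):
                p = Path(dirpath) / name
                results[str(p)] = (str(p.with_suffix("")), classify(p))
    return results

def demo():
    """Run the inventory over a constructed sample tree (not real infection data)."""
    with tempfile.TemporaryDirectory() as root:
        base = Path(root)
        (base / "report.pdf.GG").write_bytes(b"\x8f\x11\xa0\x5c" * 8)  # header overwritten
        (base / "logo.png.GG").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\0" * 8)
        (base / "notes.txt").write_bytes(b"untouched")
        return {Path(k).name: v[1] for k, v in inventory(root).items()}

if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:16} {name}")
```

A 'header_intact' result only means the leading bytes match; the rest of the file may still be damaged, so treat every listed file as a candidate for restoring from backup.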
Threat actors often distribute file-encoding Trojans through spam e-mails and other methods that need permission, albeit misinformed, from the user. Alternate distribution strategies can use less consensual techniques, such as drive-by-download attacks loading through your Web browser or brute-force attacks against a server's login credentials. However, this threat has limited obfuscation to avoid being identified and most anti-malware applications should remove the BRansomware Ransomware before it starts attacking any media.
Incomplete Trojans, like blindly-aimed siege weapons, can be just as destructive as their more precise and fully-developed competition. Assuming that Trojans like the BRansomware Ransomware are crippled just because their attacks don't work quite as intended is most likely to backfire on your files.