
Bud Ransomware

Posted: September 18, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 7
First Seen: September 18, 2017
Last Seen: December 5, 2018
OS(es) Affected: Windows

The Bud Ransomware is a Trojan that locks your files so that its authors can collect ransoms by selling a decryptor. It generates pop-up windows highly similar to those previously used by the WannaCryptor Ransomware and related threats. Although having security software isn't a substitute for backing up your files safely, most anti-malware programs should be able to remove the Bud Ransomware or block this threat's installation by default.

Letting Trojans Buddy Up with Your Files

As a particularly well-publicized family of file-locking Trojans, the WannaCryptor Ransomware and the '.wcry File Extension' Ransomware are experiencing significant imitation from competing campaigns. Some of the most recent cases that malware researchers are investigating include ones that copy the appearance of the earlier Jigsaw Ransomware's most infamous feature: deleting your files, in addition to locking them. This combination of social engineering tactics, while trivial to code, can make a difference in the collection rates for the new Bud Ransomware's ransoms.

The Bud Ransomware is a Windows program that locks different media formats by encrypting them with one or more algorithms, such as XOR, AES or RSA. The enciphered files will refuse to open in their normally-associated programs and also have their names changed with an extra '.bud' extension that the Trojan appends to them. The Bud Ransomware completes its payload by launching an HTA window containing a copy of the ransom note that malware experts previously linked to the WannaCryptor Ransomware and similar threats in the same family.

The above window uses a timer and a warning about an upcoming deletion of data, similar to the attacks of the Jigsaw Ransomware, to provoke fast payment of the ransom in exchange for a file-unlocking decryptor. One of the few unique elements in the otherwise highly derivative message is that the fee is specified in Euros, which makes it evident that the Bud Ransomware's authors are targeting European residents. However, the encryption portion of the Bud Ransomware's payload can block content on PCs in other regions without any discrimination.

Telling a Real Buddy of a Program Where to Go

The five hundred Euro fee of the Bud Ransomware's campaign could be aimed at either business entities or individual PC users, and malware researchers have yet to confirm any live attacks from this threat. Con artists may introduce the Bud Ransomware to high-value targets manually, by brute-forcing a network's login credentials, or distribute its installers through such channels as spam email attachments, torrents, or fake updates served from corrupted websites. High standards in network security and the default protection of your anti-malware programs should block most or all of these infection vectors.

Malware researchers have yet to determine whether the Bud Ransomware is compatible with any freely available decryption applications; saving a remote backup is the only definitive solution for keeping your files undamaged. The Bud Ransomware's encryption routine isn't instantaneous, and victims who suspect that their PCs are compromised should disable their network connections and reboot into Safe Mode immediately. You can take any steps needed to recover your files after removing the Bud Ransomware safely with specialized anti-malware software.

With the identities of some Trojans becoming more and more unclear by the day, hoping that a decryptor will be there to compensate for a security misstep is a faulty assumption. Users should try to prevent the Bud Ransomware, and similar file-locker Trojans, from ever crossing the threshold of their PCs, since the consequences aren't always something they can fix.

Technical Details

Registry Modifications

The following newly produced values are:

Regexp file mask: %LOCALAPPDATA%\Corel\CorelCGS.exe
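The two indicators this page gives (the appended '.bud' extension and the file mask above) are enough for a first-pass triage of a file listing taken from a suspect machine. The following script is an added example and not code from the page's author: it matches the mask against both its unexpanded form and the usual per-user expansion of %LOCALAPPDATA% (C:\Users\<name>\AppData\Local, an assumption about a default Windows install), recovers the probable original names of '.bud' files by stripping the appended extension, and tallies which formats were hit. The sample listing is constructed for the demonstration.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Indicators taken from the page: the '.bud' extension the Trojan appends to
# encrypted files, and the file mask %LOCALAPPDATA%\Corel\CorelCGS.exe.
ENCRYPTED_EXTENSION = ".bud"

# The mask is matched either literally (unexpanded %LOCALAPPDATA%) or against
# the expanded per-user path <drive>:\Users\<name>\AppData\Local, which is an
# assumption about how the variable resolves on a default Windows install.
DROPPER_MASK = re.compile(
    r"(?i)^(?:%LOCALAPPDATA%|[a-z]:\\users\\[^\\]+\\appdata\\local)"
    r"\\corel\\corelcgs\.exe$"
)

# Constructed sample listing, as an incident handler might export it from a
# suspect machine. The last entry shares the file name but not the location,
# so it must NOT match the mask.
SAMPLE_LISTING = [
    r"C:\Users\alice\AppData\Local\Corel\CorelCGS.exe",
    r"C:\Users\alice\Documents\report.docx.bud",
    r"C:\Users\alice\Pictures\holiday.jpg.bud",
    r"C:\Users\alice\Music\track01.mp3.bud",
    r"C:\Users\alice\Pictures\holiday2.jpg",
    r"C:\Program Files\Corel\CorelCGS.exe",
]


def is_dropper_path(path: str) -> bool:
    """True if a path matches the page's file mask for the Trojan's executable."""
    return DROPPER_MASK.match(path.strip()) is not None


def encrypted_files(paths: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (encrypted_path, probable_original_path) pairs for '.bud' files.

    The Trojan appends '.bud' after the real extension, so stripping that
    suffix recovers the name the file had before encryption.
    """
    hits = []
    for p in paths:
        if p.lower().endswith(ENCRYPTED_EXTENSION):
            hits.append((p, p[: -len(ENCRYPTED_EXTENSION)]))
    return hits


def _original_extension(path: str) -> str:
    """Extension of the file name component only (ignores dots in directories)."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def triage(paths: Iterable[str]) -> Dict[str, object]:
    """Summarise a file listing into the facts an incident handler wants first."""
    paths = list(paths)
    enc = encrypted_files(paths)
    hit_formats = Counter(_original_extension(original) for _, original in enc)
    return {
        "dropper_paths": [p for p in paths if is_dropper_path(p)],
        "encrypted_count": len(enc),
        "original_extensions": dict(hit_formats),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LISTING)
    print("Executable matching the page's file mask:", summary["dropper_paths"])
    print("Files carrying the '.bud' extension:", summary["encrypted_count"])
    print("Original formats affected:", summary["original_extensions"])
    for enc_path, original in encrypted_files(SAMPLE_LISTING):
        print(f"  {enc_path}  ->  {original}")
```

Because the mask is anchored to the Corel subfolder of the user's local application data, a same-named file elsewhere (the Program Files entry in the sample) is deliberately not flagged; broaden the pattern only if your own telemetry shows the executable being dropped in other locations. The recovered original names are what a backup restore should be checked against once the Trojan has been removed.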
