
Bad Ransomware

By GoldSparrow in Ransomware

The Bad Ransomware is a file-locker that security researchers identified recently. This data-encrypting Trojan belongs to the Dharma Ransomware family – one of the most prevalent ransomware threats in 2019 and 2020.

Propagation and Encryption

The Bad Ransomware is likely to go after a wide range of filetypes, including .mp3, .wav, .mid, .midi, .mp4, .mov, .jpeg, .jpg, .svg, .gif, .png, .rar, .zip, .db, .xls, .xlsx, .ppt, .pptx, .doc, .txt, .docx, .pdf and others. When the Bad Ransomware encrypts a file, it changes its name by appending a new extension – '.id-<VICTIM ID>.[ucos2@elude.in].bad'. For example, a file named 'crystal-card.png' will be renamed to 'crystal-card.png.id-<VICTIM ID>.[ucos2@elude.in].bad'. The Bad Ransomware generates a unique victim ID for every breached user, which allows the attackers to tell the compromised targets apart easily and quickly. It is not clear how the Bad Ransomware is being propagated. The authors of the Bad Ransomware may be using malvertising campaigns, fake social media profiles or pages, bogus software downloads and updates, torrent trackers, and specially crafted fraudulent emails to distribute this file-locker.

The Ransom Note

The Bad Ransomware drops a ransom note on the breached system. The file containing the attackers' message is named 'FILES ENCRYPTED.txt'. In the ransom note, the attackers do not mention a specific ransom fee. Instead, they demand that the user visit a page they have set up on the Deep Web. The Tor-based website's domain name is 'badday5palenar52.onion', and it is accessible via the Tor Web browser only. The Web page provided by the attackers is where the victim can purchase a decryption tool. The authors of the Bad Ransomware also provide an email address where the user can contact them – 'ucos2@elude.in'.
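The two artifacts described above (the '.id-<VICTIM ID>.[ucos2@elude.in].bad' renaming scheme and the 'FILES ENCRYPTED.txt' note) are what a responder will look for when triaging a share or backup for damage. The script below is an added example, not code from the original article or from any vendor tool: it parses the Dharma-style filename pattern, pulls out the victim ID and contact email, flags files that match this specific variant, and counts ransom notes. It is written to generalise beyond this variant, so it will also recognise other Dharma-family names that use a different email or final suffix. The sample filenames, the victim ID values, and the second email address are constructed for the demonstration; the assumption that a victim ID is a run of letters and digits is mine, since the article only calls it '<VICTIM ID>'.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# Naming scheme described for the Bad Ransomware (Dharma family):
#   <original name>.id-<VICTIM ID>.[<contact email>].<extension>
# The victim ID is modelled as a run of alphanumerics (an assumption; the
# article only calls it "<VICTIM ID>"). The email and extension are captured
# rather than hard-coded so the same parser covers sibling Dharma variants.
ENCRYPTED_NAME = re.compile(
    r"^(?P<original>.+?)"
    r"\.id-(?P<victim_id>[A-Za-z0-9]+)"
    r"\.\[(?P<email>[^\[\]]+)\]"
    r"\.(?P<ext>[A-Za-z0-9]+)$"
)

# Values taken from the article for this specific variant.
RANSOM_NOTE_NAME = "FILES ENCRYPTED.txt"
BAD_VARIANT_EMAIL = "ucos2@elude.in"
BAD_VARIANT_EXT = "bad"


@dataclass(frozen=True)
class EncryptedName:
    original: str   # the filename before the ransomware renamed it
    victim_id: str  # per-victim identifier embedded in the name
    email: str      # attacker contact address embedded in the name
    ext: str        # final suffix, "bad" for this variant


def parse_encrypted_name(name: str) -> Optional[EncryptedName]:
    """Return the parsed components if `name` follows the Dharma scheme, else None."""
    m = ENCRYPTED_NAME.match(name)
    if m is None:
        return None
    return EncryptedName(m["original"], m["victim_id"], m["email"], m["ext"])


def scan_names(paths: Iterable[str]) -> dict:
    """Triage a list of file paths (e.g. from a directory listing or a backup index).

    Counts encrypted files, ransom notes, distinct victim IDs and contact emails,
    and how many files match the Bad Ransomware variant specifically.
    """
    summary = {
        "encrypted": [],
        "ransom_notes": [],
        "victim_ids": Counter(),
        "emails": Counter(),
        "bad_variant": 0,
    }
    for path in paths:
        # Accept both Windows and POSIX separators; only the basename matters.
        base = path.replace("\\", "/").rsplit("/", 1)[-1]
        if base == RANSOM_NOTE_NAME:
            summary["ransom_notes"].append(path)
            continue
        parsed = parse_encrypted_name(base)
        if parsed is None:
            continue
        summary["encrypted"].append(path)
        summary["victim_ids"][parsed.victim_id] += 1
        summary["emails"][parsed.email] += 1
        if parsed.email == BAD_VARIANT_EMAIL and parsed.ext == BAD_VARIANT_EXT:
            summary["bad_variant"] += 1
    return summary


# Constructed sample listing: two files hit by this variant, one by a sibling
# Dharma variant with a placeholder email, one ransom note, one untouched file.
SAMPLE_PATHS = [
    r"C:\Users\alice\Pictures\crystal-card.png.id-ABCD1234.[ucos2@elude.in].bad",
    r"C:\Users\alice\Documents\report.docx.id-ABCD1234.[ucos2@elude.in].bad",
    r"C:\Users\alice\Downloads\archive.zip.id-FFEE0011.[contact@example.invalid].xyz",
    r"C:\Users\alice\Desktop\FILES ENCRYPTED.txt",
    r"C:\Users\alice\Music\song.mp3",
]

if __name__ == "__main__":
    result = scan_names(SAMPLE_PATHS)
    print(f"encrypted files : {len(result['encrypted'])}")
    print(f"ransom notes    : {len(result['ransom_notes'])}")
    print(f"Bad variant hits: {result['bad_variant']}")
    print(f"victim IDs      : {dict(result['victim_ids'])}")
    print(f"contact emails  : {dict(result['emails'])}")
```

Run it against a real listing by replacing SAMPLE_PATHS with the output of `os.walk` over the affected volume. A single victim ID across every encrypted file, as in the sample, is the expected picture for one infected host; multiple IDs on one share usually mean several machines wrote to it, which changes the scope of the response.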

You should avoid contacting cybercriminals. They rarely keep their promises, so if you pay the fee, you may never receive the decryptor that you need. Make sure you remove the Bad Ransomware from your PC with a legitimate, modern anti-virus software suite.
