BandarChor Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 37
First Seen: September 8, 2015
Last Seen: July 8, 2021
OS(es) Affected: Windows
The BandarChor cryptomalware is a custom build of the CryptoLocker ransomware and is delivered to users as an archive file attached to spam emails. Cyber criminals are known to use various social engineering techniques to spread ransomware such as BandarChor, and you are advised not to open spam emails with misspelled sender names. In most cases, the BandarChor ransomware arrives in spam emails that claim to be from PayPal, Amazon, eBay and Facebook and refer to changes in privacy policies, refunds and recently made purchases. These emails urge users to download the attached archive file to familiarize themselves with further details on the topic, and at that point many users allow BandarChor to land on their machine.
The archive file has a double extension and is an executable program that runs the BandarChor cryptomalware on your PC. The BandarChor ransomware places a copy of itself in the startup directory of Windows and presents users with a message stating: "Attention! Your computer was attacked by virus-encoder." The BandarChor ransomware is known to encrypt files that are less than thirty megabytes, and that includes JPEG, PDF, DOC, DOCX, TXT, JPJ, PNG, XLS and HTML. The BandarChor ransomware modifies targeted files according to the scheme .id-_fud@india.com. As you may guess, the segment contains the victim's unique identification number that users need to send to fud@india.com in an email requesting a decoder for their files.
Malware researchers recognized two strains of the BandarChor cryptomalware and named them Trojan:W32/BandarChor.A and Trojan:W32/BandarChor.B; both use AES-256 encryption for their operations. Users are reminded to use backup programs and not to pay ransom demands, so as to discourage cryptomalware development. Cryptomalware is nevertheless gaining popularity because Ransomware-as-a-Service (RaaS) kits like Tox, Encryptor and ORX-Locker are appearing on the Dark Internet.
You might want to install a reputable anti-malware shield to counter the BandarChor ransomware and trojan droppers and exploit kits that may disperse it.
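The file-name indicators described above (the double-extension attachment, the copy in the Windows startup directory and the .id-…_fud@india.com rename marker) can be checked against a file listing. The following Python sketch is an added example, not EnigmaSoft's or SpyHunter's code; the extension lists, the Startup folder check and the sample paths are assumptions constructed for illustration, and the ID format is left open because the page does not give it.

```python
import re
from pathlib import PureWindowsPath

# Rename marker quoted on the page: ".id-" ... "_fud@india.com". The page does
# not give the ID format, so any characters are accepted between the two parts.
RENAMED = re.compile(r"\.id-(?P<victim_id>.*)_fud@india\.com$", re.IGNORECASE)

# Assumed lists, not from the page: extensions Windows executes directly, and
# document-style extensions that can act as the decoy half of a double extension.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY = {".pdf", ".doc", ".docx", ".txt", ".jpg", ".png", ".xls", ".html", ".zip"}
STARTUP_TAIL = ["start menu", "programs", "startup"]  # tail of the Startup folder path

def classify(path):
    """Return the indicator names that a Windows file path matches."""
    p = PureWindowsPath(path)
    if RENAMED.search(p.name):
        # The marker itself ends in ".com", which is also an executable
        # extension, so return early to keep the extension checks from misfiring.
        return ["renamed-file"]
    hits = []
    suffixes = [s.lower() for s in p.suffixes]
    is_exe = bool(suffixes) and suffixes[-1] in EXECUTABLE
    if is_exe and len(suffixes) >= 2 and suffixes[-2] in DECOY:
        hits.append("double-extension-executable")
    parents = [part.lower() for part in p.parts[:-1]]
    if is_exe and parents[-3:] == STARTUP_TAIL:
        hits.append("executable-in-startup")
    return hits

def victim_id(path):
    """Extract the ID segment from a renamed file name, or None."""
    m = RENAMED.search(PureWindowsPath(path).name)
    return m.group("victim_id") if m else None

def scan(paths):
    """Map each flagged path to its indicators; clean paths are omitted."""
    return {p: hits for p in paths if (hits := classify(p))}

# Constructed sample listing, standing in for a recursive directory walk.
SAMPLE = [
    r"C:\Users\alice\Downloads\PayPal_refund.pdf.exe",
    r"C:\Users\alice\Documents\budget.xls.id-0123456789_fud@india.com",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe",
    r"C:\Users\alice\Documents\notes.txt",
]

if __name__ == "__main__":
    for path, hits in scan(SAMPLE).items():
        print(", ".join(hits), "->", path)
```

A hit on the rename marker means files have already been encrypted; the other two indicators are generic and need triage before they are treated as BandarChor.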