Bepabepababy Ransomware
The Bepabepababy Ransomware is the latest crypto locker threat to be spawned from the Globe Imposter malware family. Exactly like the other variants of the Globe Imposter Ransomware, the Bebabepababy can cause severe damage to any system it manages to infiltrate due to the potent cryptographic algorithm it uses for encryption. After the completion of the encryption process, users will be locked out of their own computers effectively.
The Bepabepababy Ransomware appends an email address that belongs to the hackers to every file's original name it affects as a new extension - 'bepabepababy1@protonmail.com.' As a result, a file named 'Default1.png' will be renamed to 'Default1.png.bepabepababy1@protonmail.com.' The threat drops a ransom note with instructions for its victims as an Html file named 'how_to_back_files.html.' A copy of the file will be placed in every folder containing encrypted data.
The hackers use several scare tactics to further push their victims into meeting their demands. First, they state that the decryption key required for the restoration of the user's encrypted files will not be kept on their server indefinitely. Then, following the general threat observed among ransomware threat actors, the Bepabepababy Ransomware threatens to start either leaking or reselling information that had been exfiltrated from the compromised device prior to the initiation of the encryption process.
To contact the hackers, users are first supposed to create an email account for either the protonmail.com or cock.li services and then send a message to the 'bepabepababy1@protonmail.com.' If there's no answer within 48 hours, victims should message the alternate email address at 'moscownight123@airmail.cc.'
The full text of the Bepabepababy Ransomware's ransom note is:
'YOUR PERSONAL ID
ENGLISH
YOUR FILES ARE ENCRYPTED!
ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED.
Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files .
To recover data you need decryptor.
To get the decryptor you should:
· Register email box to protonmail.com or cock.li (do not waste time sending letters from your standard email address, they will all be blocked). · Send a email from your new email address to: bepabepababy1@protonmail.com with your personal ID. · In response, we will send you further instructions on decrypting your files.
Attention!
· It is in your interest to respond as soon as possible to ensure the recovery of your files, because we will not store your decryption keys on our server for a long time. · check the folder "Spam" when waiting for an email from us.we gathered highly confidential/persornal data. thses data are currently stored on a private sever. this server will be immediately destroyed after your payment.we only seek money and do not want to damage your reputation. if you decide to not pay, we will release this data to public or re-seller. If we do not respond to your message for more than 48 hours, write to the backup email : moscownight123@airmail.cc.'
How Does Bepabepababy Ransomware Infect Computers?
Cybercriminals typically use spam emails to spread Bepabepababy Ransomware. When someone receives an email with a malicious attachment and opens it, viruses such as this are automatically installed on their computer. Hackers may disguise emails by using the names of important people, companies, and service providers to trick readers.
Another standard malware distribution method is software bundling. Bepabepababy Ransomware also targets users who access torrent sites or download pirated games and software through peer-to-peer networks. We recommend against doing any of these as they compromise your computer’s safety and security and the data stored on it.
Victims Should Not Pay the Ransom
Please understand that paying the creators of Bepabepababy Ransomware is no guarantee you’ll get your files back. It would be best not to trust the hackers who encrypted the files in the first place. Many ransomware victims learn this lesson the hard way – losing their money along with their data. We always recommend against paying hackers. Instead, you should take steps to remove the virus from your computer. It won’t undo the encryption, but it does mean that you can safely restore your files from a backup without having them encrypted again. If you don’t have a backup, you may see some success with file recovery software.
