
Bhui Ransomware

Cybersecurity experts have come across a ransomware variant called Bhui. This type of malware utilizes file encryption to lock users out of their files and appends the '.bhui' extension to their names. For instance, '1.jpg' would become '1.jpg.bhui' after Bhui has encrypted it.

Apart from file encryption, Bhui also generates a ransom note in the form of the '_readme.txt' file. This note usually contains instructions on how to get back the compromised data. Bhui is a member of the STOP/Djvu Ransomware family, which has been known to be distributed by cybercriminals along with other malicious software like RedLine and Vidar.

Bhui is known to encrypt a range of file types, including .doc, .docx, .xls, .xlsx, .ppt, .pptx, .pdf, .jpg, .jpeg, .png, and .bmp. Bhui is typically spread through malicious links, spam emails, and software cracks. Once the malware has infected a device, it immediately starts the encryption process.

The Bhui Ransomware Can Leave Victims Unable to Access Their Data

The ransom note issued by the attackers details their demands, mainly that victims must pay them a certain amount. In order to initiate the data recovery process, victims are asked to establish contact with the attackers using the provided email addresses, namely 'support@freshmail.top' or 'datarestorehelp@airmail.cc'. Upon reaching out, victims will receive further instructions on how to proceed with paying the ransom.

The ransom note presents two distinct amounts, $980 and $490, with victims supposedly being eligible for the discounted price if they initiate contact with the attackers within a specified timeframe of 72 hours. However, it is important to note that in most cases, attempting to decrypt files without paying the ransom is highly unlikely to succeed.

Victims are strongly advised not to pay the ransom, as doing so carries significant risks and offers no guarantee of successfully recovering the encrypted data. Engaging in such transactions can result in financial loss without any assurance of data restoration.

Moreover, it is crucial for victims to take immediate action to remove the ransomware from their systems. This step is essential to prevent further data loss that may occur due to additional encryption activities carried out by the ransomware.
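
To decide what has to be restored from backup after the malware is removed, responders first need to know which folders were hit. The following is an added example, not code from this article or from any vendor tool: it walks a directory tree, lists files carrying the '.bhui' extension together with their original names, and confirms '_readme.txt' files as Bhui notes only when they contain one of the contact addresses quoted in the ransom note. The function names and the sample folder layout are assumptions constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_SUFFIX = ".bhui"   # extension Bhui appends (from the article)
NOTE_NAME = "_readme.txt"    # ransom note file name (from the article)
NOTE_MARKERS = ("support@freshmail.top", "datarestorehelp@airmail.cc")  # addresses quoted in the note

def is_ransom_note(path):
    """True if the file is named _readme.txt and contains a known contact address."""
    if os.path.basename(path).lower() != NOTE_NAME:
        return False
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(64 * 1024).lower()  # notes are small; cap the read
    except OSError:
        return False
    return any(marker in text for marker in NOTE_MARKERS)

def scan_tree(root):
    """Walk root; return encrypted files, confirmed notes and affected directories."""
    report = {"encrypted": [], "notes": [], "dirs": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # pair each hit with its pre-encryption name, e.g. 1.jpg.bhui -> 1.jpg
                report["encrypted"].append((full, name[: -len(ENCRYPTED_SUFFIX)]))
                report["dirs"].add(dirpath)
            elif is_ransom_note(full):
                report["notes"].append(full)
                report["dirs"].add(dirpath)
    return report

def build_sample_tree():
    """Constructed sample data: a temp folder laid out like an affected directory."""
    root = tempfile.mkdtemp(prefix="bhui_sample_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("1.jpg.bhui", "report.docx.bhui", "untouched.pdf"):
        open(os.path.join(docs, name), "wb").close()
    with open(os.path.join(docs, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("ATTENTION!\nTo get this software you need write on our e-mail:\nsupport@freshmail.top\n")
    with open(os.path.join(root, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("Release notes for an unrelated program.\n")  # benign look-alike
    return root

if __name__ == "__main__":
    result = scan_tree(build_sample_tree())
    print(len(result["encrypted"]), "encrypted files;", len(result["notes"]), "ransom notes")
```

The list of original names can be compared against a backup catalogue to see which files have a clean copy available.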

Users Should Take the Security of Their Data and Devices Seriously

Users can implement a comprehensive set of security measures to safeguard their devices and data from ransomware attacks. By following these practices, individuals can significantly reduce the risk of falling victim to such malicious activities.

First and foremost, it is essential to keep all software, operating systems, and applications up to date. Regularly installing the latest security patches and updates helps to address vulnerabilities that cybercriminals often exploit to gain unauthorized access to devices.

Secondly, exercising caution while browsing the internet and downloading files is crucial. Users should refrain from visiting suspicious websites or clicking on unfamiliar links, as these can lead to the inadvertent installation of ransomware. New files should be downloaded from trusted and verified sources only, and users should utilize reputable anti-malware software for scanning and detecting potential threats.

Regularly backing up important data is a critical practice. By maintaining up-to-date backups on external storage devices or secure cloud platforms, users can mitigate the impact of a ransomware attack. In the event of an attack, having backups readily available enables users to restore their files without having to succumb to ransom demands.

Furthermore, exercising caution when handling email attachments and messages is essential. Users should be wary of unsolicited emails, particularly those with suspicious attachments or requests for personal information. Verify the authenticity of emails before interacting with any attachments or clicking on links.

Educating oneself about common phishing and social engineering techniques is also important. Cybercriminals often employ these tactics to trick users into disclosing sensitive information or unknowingly downloading ransomware. By staying informed and vigilant, users can recognize and avoid such deceptive practices.

By adopting these security measures and maintaining a proactive approach towards cybersecurity, users can significantly enhance their protection against ransomware attacks and minimize the potential impact on their devices and valuable data.

The full text of the ransom note dropped by Bhui Ransomware is:

'ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-vKvLYNOV9o
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:'
