Binwu Ransomware

Cybercriminals are using a serious malware threat to lock the data of their victims and then extort them for money. The threat is being flagged as the Binwu Ransomware, and analysis has revealed that it is a variant belonging to the XORIST Ransomware family. Despite being mostly identical to the other variants from the family, Binwu still possesses a significant capacity to cause damage to infected systems. It should also be noted that the threat appears to be targeting Russian-speaking users specifically.

If deployed successfully, the ransomware scans the device and encrypts a large number of different file types. Users are left unable to access most of their documents, photos, PDFs, databases, archives and more. As part of its actions, the threat also appends '.Binwu' as a new file extension to all locked files. A ransom note with instructions for the victims is created on the device as a text file named 'КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt'.

Demands Overview

The ransom note is written entirely in Russian and does not feature any translation into other languages. It tells victims that access to their files can still be restored, but that they must first contact the attackers. The only communication channel provided in the message is the 'vipmnoput@yahoo.com' email address. Upon meeting the demands of the cybercriminals, users are supposed to receive the necessary decryption key. However, if the ransom note can be believed, users have only 5 attempts to enter the correct code. If the attempts are exceeded, the encrypted data could suffer catastrophic damage and become unsalvageable.

The full text of the note, translated from Russian, is:

'Attention! All your files are encrypted!
To restore your files and gain access to them,
contact us by email: vipmnoput@yahoo.com

You have 5 attempts to enter the code. If this number
is exceeded, all data will be irreversibly corrupted. Be
careful when entering the code!
'
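To scope an incident with the indicators described above (the '.Binwu' extension, the ransom note's file name and the contact address), the following added example, which is not part of the original entry, walks a directory tree read-only and counts locked files per directory. The case-insensitive matching and the encodings tried when reading the note are assumptions, since the entry does not state them.

```python
import os
import sys
import unicodedata
from collections import Counter

# Indicators taken from the description above.
LOCKED_EXT = ".binwu"
NOTE_NAME = "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt"
CONTACT = "vipmnoput@yahoo.com"
NOTE_ENCODINGS = ("utf-8", "cp1251", "utf-16")  # assumption: note encoding is not stated


def _norm(name):
    # One Unicode form and case, so a decomposed "Й" or changed case still matches.
    return unicodedata.normalize("NFC", name).casefold()


def note_mentions_contact(path, limit=65536):
    """True if the file text contains the contact address in any tried encoding."""
    with open(path, "rb") as fh:
        raw = fh.read(limit)
    return any(CONTACT in raw.decode(enc, errors="ignore").lower()
               for enc in NOTE_ENCODINGS)


def scan(root):
    """Return (locked-file count per directory, note paths, notes with the address)."""
    locked, notes, confirmed = Counter(), [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if _norm(name).endswith(LOCKED_EXT):
                locked[dirpath] += 1
            elif _norm(name) == _norm(NOTE_NAME):
                notes.append(full)
                try:
                    if note_mentions_contact(full):
                        confirmed.append(full)
                except OSError:
                    pass  # unreadable note is still reported by name
    return locked, notes, confirmed


if __name__ == "__main__":
    locked, notes, confirmed = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for directory, count in locked.most_common():
        print(f"{count:6d} locked file(s) in {directory}")
    for path in notes:
        print("ransom note:", path, "(address confirmed)" if path in confirmed else "")
```

Directories with the highest counts show where encryption was concentrated, which helps decide which backups to restore first.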
