Bisamware Ransomware

Cybercriminals have created a new ransomware threat named BISAMWARE that can be used to lock the data of their victims. So far, the threat has not been attributed to any of the established ransomware families. When activated on the breached computers, BISAMWARE will target the documents, images, photos, archives, databases and other important file types stored there. The strong cryptographic algorithm utilized by the threat ensures that recovery of the files will be nearly impossible without the decryption keys that the attackers possess.

All files impacted by the threat will no longer be usable. Furthermore, they will have '.BISAMWARE' attached to their original names as a new extension. When all targeted file types have been processed, BISAMWARE will deliver two ransom notes to the infected devices. The first message will be displayed in an image that will be set as the new desktop background of the system. This message simply tells victims that they will need to locate a text file named 'SYSTEM=RANSOMWARE=INFECTED.TXT' for further instructions.

The text file contains the full ransom note of the threat. Here, the cybercriminals reveal that their main targets are corporate entities. According to the message, victims will have to pay a ransom, and only payments made in Bitcoins will be accepted. The only way to contact the attackers is via their dedicated TOR website. BISAMWARE's note also states that rebooting the affected device will result in the encrypted files becoming unsalvageable.

The ransom note delivered via the text file is:

'==============RANSOMWARE NOTE==============

YOUR SYSTEM GOT INFECTED WITH A RANSOMWARE

CONTACT US DOWN BELOW AT OUR TOR ONION LIVE CHAT SYSTEM FOR DECRYPTION HELP

IF YOU "DONT" WANT THE FILES BACK - RESET YOUR PC

100% DECRYPTION AFTER PURCHASE OF DECRYPTION KEY - ONLY WE HAVE IT IN OUR DATABASE

TOR CHAT UNIQUE URL:

YOU CAN CALL THE COPS - YOU CAN CALL ANY MASTER TECHNICAL SOFTWARE DEVELOPER BUT IT WONT HELP

WE ARE SPECIALIZED TO TARGET COMPANIES - THERE IS NO WAY TO RECOVER YOUR FILES WITHOUT GETTING THE DECRYPTION KEY

==============REQUIREMENTS==============

+TOR BROWSER TO ACCESS OUR TOR CHAT DOWNLOAD at hxxps://www.torproject.org/download/
+BITCOINS PURCHASE AT hxxps://www.blockchain.com/ , or hxxps://www.coinbase.com/ , or hxxps://www.binance.com/ , or hxxps://localbitcoins.com/
+WATCH TUTORIAL HOW TO BUY BITCOINS AT hxxp://yfoj3s7ov6e3k7pboeumnj6r*.onion/how_to_purchase_bitcoins.mp4 , or hxxps://www.youtube.com/watch?v=MIUQnVHh9rU'

The message shown in the desktop background image is:

'BISAMWARE ' ENCRYPTED ' YOUR FILES OPEN THIS FILE
SYSTEM=RANSOMWARE=INFECTED.TXT
AND FOLLOW THE STEPS TO RECOVER YOUR LOST FILES!'