
Bl00dy Ransomware

The Bl00dy Ransomware threat uses a strong encryption algorithm, which lets threat actors lock the data stored on the computers they breach. Like the operators of most ransomware campaigns, those behind the Bl00dy Ransomware are financially motivated: they try to extort ransom payments from their victims. Cybersecurity researchers have confirmed that Bl00dy is not a unique malware; it is a variant of the previously identified ransomware known as Babuk.

The Bl00dy Ransomware can affect numerous file types, including documents, PDFs, archives, databases, etc. All impacted files will no longer be usable or accessible due to the encryption routine of the threat. Each targeted file will have '.bl00dy' appended to its original name. Victims will be left with a lengthy ransom note dropped on the infected devices as a text file named 'How To Restore Your Files.txt'.

The message left by the attackers reveals that they are running a double-extortion operation. Indeed, according to Bl00dy Ransomware's note, various confidential and important data have been exfiltrated before the start of the encryption routine. The collected information is now under the control of the cybercriminals who threaten to release it to the public if their demands are not met. 

The ransom-demanding message doesn't state the exact amount that the attackers are extorting their victims for or if the money must be sent using a specific cryptocurrency. Apparently, the affected organizations will receive additional instructions after contacting the 'filedecryptionsupport@msgsafe.io' email address.
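The indicators described above (the appended '.bl00dy' extension, the note file name and the contact address) can be used to scope which directories were hit. The following read-only triage script is an added example, not part of the original write-up; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Indicators as given in the write-up above.
SUFFIX = ".bl00dy"
NOTE_NAME = "how to restore your files.txt"
CONTACT = "filedecryptionsupport@msgsafe.io"

def triage(root):
    """Return per-directory indicator hits under root (read-only scan)."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        entry = {"originals": [], "note": False, "contact_in_note": False}
        for name in files:
            lower = name.lower()
            if lower.endswith(SUFFIX) and len(name) > len(SUFFIX):
                # The suffix is appended to the original name, so stripping it
                # gives the name to look up in a backup inventory.
                entry["originals"].append(name[:-len(SUFFIX)])
            elif lower == NOTE_NAME:
                entry["note"] = True
                path = os.path.join(dirpath, name)
                try:
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        entry["contact_in_note"] = CONTACT in fh.read(65536).lower()
                except OSError:
                    pass  # unreadable note: the name match alone is still reported
        if entry["originals"] or entry["note"]:
            entry["originals"].sort()
            hits[os.path.relpath(dirpath, root)] = entry
    return hits

def build_sample_tree(root):
    """Create constructed sample files (no real malware output) for a dry run."""
    os.makedirs(os.path.join(root, "finance"))
    os.makedirs(os.path.join(root, "clean"))
    for parts in (("finance", "q3.xlsx.bl00dy"), ("finance", "ledger.db.bl00dy"),
                  ("clean", "readme.txt")):
        with open(os.path.join(root, *parts), "w") as fh:
            fh.write("constructed sample\n")
    with open(os.path.join(root, "finance", "How To Restore Your Files.txt"), "w") as fh:
        fh.write("constructed note text\nfiledecryptionsupport@msgsafe.io\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, entry in sorted(triage(tmp).items()):
            print(directory, entry)
```

Run it against a mounted copy or forensic image rather than the live host, so that file access times on the original evidence are not changed.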

The full text of Bl00dy Ransomware's message is:

'GREETINGS FROM

BL00DY RANSOMWARE GANG

What happened ?

Your entire company network is penetrated and encrypted with ".bl00dy" entension

All files on servers and computers locked and not usable

Dont panic All files are decryptable

We will recover all your files to normal

What Bl00dy Gang take / steal from your company network ?

We download your company important files / documents / databases/ mails / accounts  

We publish it to the public if you dont cooperate .

What BL00DY Gang needs from YOU ?

We expect nothing except appreciating our work

PAY US in this way you appreciate our work

How to contact the BL00DY Gang for ransom negotiations ?

filedecryptionsupport@msgsafe.io

What Quarantees ?

we are not a politically motivated group and we do not need anything other than your money.

If you pay, we provide you the programs for decryption and we will delete your data.

If we do not give you decrypters or we do not delete your data, no one will pay us in the future, this does not comply with our goals.

We will help protect your company from any other attacks ; we will give you tips to secure company network

We always keep our promises.

!!! BEWARE !!!

If you have Backups and try to restore from backups . All entire company files / databases / everything

we DOWNLOADED will be posted online

DON'T try to rename or modify encrypted files by yourself!

If you will try to use any third party software for restoring your data or antivirus solutions - please make a

 backup for all encrypted files! - Don't try because you will damage all the files

Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.

Do not report to Police or FBI , they dont care about your business .They will tell you not to pay

and you will lose all your files.

Recovery Company Cannot help You . things will get rather worse . speak for yourself.

we DO NOT TAKE MUCH'
