
Bloodjaws Ransomware

By GoldSparrow in Ransomware

PC security researchers recently uncovered the Bloodjaws Ransomware, an encryption ransomware Trojan first reported on June 24, 2018. The Bloodjaws Ransomware is peculiar in that it looks like either a project in progress or a proof of concept rather than a ransomware Trojan intended to carry out attacks on computer users. One reason is that the Bloodjaws Ransomware ships with a decryptor and states its encryption password in its own note, which defeats the purpose of encrypting the victim's files and then demanding a ransom payment. PC security researchers are comparing it to HiddenTear, which was initially released as open source software in 2015 for educational purposes. Criminals quickly adapted HiddenTear to carry out high-profile attacks, and today it is the basis for many of the encryption ransomware Trojans used to attack computer users online.

The Components Involved in a Bloodjaws Ransomware Attack

The Bloodjaws Ransomware's attack involves several corrupted files:

  1. 'runme.exe' is a launcher that starts the encryption routine contained in the main Bloodjaws Ransomware executable file.
  2. 'virus.exe' is the main corrupted executable file in the Bloodjaws Ransomware attack.
  3. 'message.png' is an image file that replaces the victim's desktop background after the Bloodjaws Ransomware has completed its infection.
  4. 'readme.txt' is a text file that contains the Bloodjaws Ransomware's ransom note or message to the victim.
  5. 'decryptor.exe' is a program that can be used to decrypt the data encrypted by the Bloodjaws Ransomware, using the password stated in the 'readme.txt' ransom note.

The text contained in the 'readme.txt' file and displayed on the affected computer's desktop reads:

'Blood Jaws ransomware
Blood Jaws is ransomware!
Run at your own risk. Run 'runme.exe' if you really want to kill your PC.
I am not responsible for any damage done.
Tested on Windows 10 (64)
Virus made by Virus Express.
Encryption Used:
AES 256 Bit Encryption used with the password: bloodjawsencryptionl23!@:'

How the Bloodjaws Ransomware Attack Works

It seems that the Bloodjaws Ransomware may have been developed by people playing around with or studying encryption routines. The attack takes place entirely offline; the threat does not communicate with a Command and Control server. Unlike most encryption ransomware Trojans active today, the Bloodjaws Ransomware does not appear to have been developed to attack computer users actively: it has no payment website and no obfuscation of any sort. The Bloodjaws Ransomware is a simple program that carries out an attack and may even be a prank. However, some of the most notorious ransomware Trojans, including HiddenTear and EDA2, began as software published online as a prank or for educational purposes, and criminals were able to adapt them easily.

The Bloodjaws Ransomware's attack is similar to that of most encryption ransomware Trojans. The Bloodjaws Ransomware uses AES encryption to lock the user-generated files, which may include files with the following extensions:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The Bloodjaws Ransomware then delivers a message to the victim. With most encryption ransomware Trojans this message would be a ransom demand; in the case of the Bloodjaws Ransomware, the message simply notifies the victim of the attack and states the password needed to recover the affected files. Because that password is fixed and written in clear text in 'readme.txt', and the dropped files include 'decryptor.exe', the affected files can be recovered without any payment.
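As an added example (not code from this article or from the malware), the following stdlib-only Python triage helper parses a constructed copy of the note to recover the stated password, flags the five dropped artifact file names, and separates files with targeted extensions from the rest of a constructed directory listing. The listing is made up, and the assumption that the password runs to the end of the 'password:' line in the note is mine. Note that 'readme.txt' and 'message.png' themselves carry targeted extensions, so artifact names are checked before the extension test.

```python
"""Triage helper for a Bloodjaws-style offline ransomware incident.

Added example, not code from the original article or from the ransomware
itself. It relies only on what the write-up states: the five dropped file
names, a plain-text note that gives the AES password after 'password:',
and a fixed list of targeted extensions. The note text and the directory
listing below are constructed sample data; that the password ends at the
end of the note line is an assumption.
"""
import os
import re
from typing import Dict, List, Optional

# File names the write-up attributes to the dropper (matched case-insensitively).
ARTIFACTS = frozenset({"runme.exe", "virus.exe", "message.png", "readme.txt", "decryptor.exe"})

# Extensions listed in the write-up; the frozenset drops its two duplicates.
TARGETED_EXTENSIONS = frozenset("""
.3dm .3g2 .3gp .7zip .aaf .accdb .aep .aepx .aet .ai .aif .as .as3 .asf .asp
.asx .avi .bmp .c .class .cpp .cs .csv .dat .db .dbf .doc .docb .docm .docx
.dot .dotm .dotx .dwg .dxf .efx .eps .fla .flv .gif .h .idml .iff .indb .indd
.indl .indt .inx .jar .java .jpeg .jpg .js .m3u .m3u8 .m4u .max .mdb .mid .mkv
.mov .mp3 .mp4 .mpa .mpeg .mpg .msg .pdb .pdf .php .plb .pmd .png .pot .potm
.potx .ppam .ppj .pps .ppsm .ppsx .ppt .pptm .pptx .prel .prproj .ps .psd .py
.ra .rar .raw .rb .rtf .sdf .sdf .ses .sldm .sldx .sql .svg .swf .tif .txt .vcf
.vob .wav .wma .wmv .wpd .wps .xla .xlam .xll .xlm .xls .xlsb .xlsm .xlsx .xlt
.xltm .xltx .xlw .xml .xqx .xqx .zip
""".split())

# The note states the key in clear text; capture everything after 'password:'
# up to the end of that line (assumption: the password has no trailing text).
PASSWORD_RE = re.compile(r"password:\s*(.+?)\s*$", re.IGNORECASE | re.MULTILINE)

# Constructed copy of the note as the article reproduces it.
SAMPLE_NOTE = """Blood Jaws ransomware
Blood Jaws is ransomware!
Run at your own risk. Run 'runme.exe' if you really want to kill your PC.
I am not responsible for any damage done.
Tested on Windows 10 (64)
Virus made by Virus Express.
Encryption Used:
AES 256 Bit Encryption used with the password: bloodjawsencryptionl23!@:
"""

# Constructed directory listing of a hit machine.
SAMPLE_LISTING = [
    "C:\\Users\\victim\\Desktop\\runme.exe",
    "C:\\Users\\victim\\Desktop\\README.TXT",
    "C:\\Users\\victim\\Desktop\\message.png",
    "C:\\Users\\victim\\Documents\\budget.XLSX",
    "C:\\Users\\victim\\Documents\\notes.txt",
    "C:\\Users\\victim\\Pictures\\holiday.jpg",
    "C:\\Users\\victim\\Downloads\\backup.tar.gz",
    "C:\\Users\\victim\\Downloads\\Makefile",
]


def _basename(path: str) -> str:
    """Lower-cased final path component; accepts Windows or POSIX separators."""
    return os.path.basename(path.replace("\\", "/")).lower()


def extract_password(note_text: str) -> Optional[str]:
    """Return the password stated in the note, or None if no such line exists."""
    match = PASSWORD_RE.search(note_text)
    return match.group(1) if match else None


def classify(path: str) -> str:
    """Label one path as 'artifact', 'targeted' or 'untouched'.

    Artifact names are checked first because readme.txt and message.png also
    carry targeted extensions and must not be mistaken for victim files.
    """
    name = _basename(path)
    if name in ARTIFACTS:
        return "artifact"
    ext = os.path.splitext(name)[1]  # last extension only: backup.tar.gz -> .gz
    return "targeted" if ext in TARGETED_EXTENSIONS else "untouched"


def triage(note_text: str, listing: List[str]) -> Dict[str, object]:
    """Summarise what an analyst needs first: key, dropper artifacts, affected files."""
    groups: Dict[str, List[str]] = {"artifact": [], "targeted": [], "untouched": []}
    for path in listing:
        groups[classify(path)].append(path)
    return {
        "password": extract_password(note_text),
        "artifacts": sorted(_basename(p) for p in groups["artifact"]),
        "targeted": groups["targeted"],
        "untouched": groups["untouched"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_NOTE, SAMPLE_LISTING).items():
        print(f"{key}: {value}")
```

The recovered password is what 'decryptor.exe' expects, so the helper's output is the starting point for recovery; the artifact names double as simple file-name indicators for a hunt across other hosts.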
