BRansomware Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 80 % (High) |
| Infected Computers: | 4 |
| First Seen: | August 17, 2017 |
| Last Seen: | April 18, 2019 |
| OS(es) Affected: | Windows |
The BRansomware Ransomware is an encryption ransomware Trojan. Like the many other encryption ransomware Trojans that are active currently, the main purpose of the BRansomware Ransomware is to infect the victims' computers and make the victim's files inaccessible. The BRansomware Ransomware does this to demand a ransom payment in exchange for the decryption key that is necessary to restore the affected files to their normal state.
Table of Contents
The BRansomware Ransomware is an Independent Project
The BRansomware Ransomware is designed to use a strong encryption algorithm to make its victims' files inaccessible.The BRansomware Ransomware is mainly being distributed using spam email messages, which contain a Microsoft Word file attachment. This file will use corrupted macro scripts to download and install the BRansomware Ransomware onto the victim's computer. The BRansomware Ransomware was first observed in mid-August 2017. The BRansomware Ransomware appears to have been created as an independent project and does not belong to threat families such as HiddenTear or EDA2, nor to known RaaS (Ransomware as a Service.) The BRansomware Ransomware was programmed using the Microsoft Visual Studio 2017, taking advantage of freely available AES encryption algorithms.
How the BRansomware Ransomware Carries out Its Attack
Once the BRansomware Ransomware has infiltrated a computer and encrypted the victim's files, the BRansomware Ransomware will change the victim's desktop image into a logo that has the appearance of gear. The BRansomware Ransomware Trojan itself is a small file that has some capability to avoid common anti-virus programs. There is little to distinguish the BRansomware Ransomware from the numerous other encryption ransomware Trojans that are active today. In its attack, the BRansomware Ransomware will search for the user-generated files on the victim's computer. Some examples of the files the BRansomware Ransomware targets in its attack include photos, audio, video, databases, texts, spreadsheets, presentations, and files associated with numerous commonly used programs such as Microsoft Office, 7Zip, Libre Office, Adobe Photoshop, Adobe Acrobat, and numerous others. The BRansomware Ransomware will use the AES 256 encryption to make these files inaccessible, encrypting their contents and renaming them by adding the file extension '.gg' to the end of each affected file. Once the Bransomware Ransomware has cyphered a file, it will no longer be readable.
How Coin Artists Use the BRansomware Ransomware to Profit at the Victim’s Expense
The BRansomware Ransomware will deliver a ransom note to the victim after the file encryption. The full text of the BRansomware Ransomware ransom note reads as follows:
'Hello!
Attention! All Your data was encrypted!
For specific informartion, please send us an email with Your ID number:
error01@msgden.com,
error02@webmeetme.com
error03@protonmail.com
We will help You as soon as possible!
DECRYPT-ID-16da203M-861A-R3CE-5372-Lb766e168c33 number'
The BRansomware Ransomware's ransom note is contained in a file named 'READ_ME.txt' that is dropped on the victim's desktop and Documents library. The BRansomware Ransomware ransom note instructs the victim to contact its perpetrators via email. When the con artists establish contact with the victim, they will demand a large ransom payment of at least several hundred dollars. PC security analysts advise computer users to avoid paying the BRansomware Ransomware ransom or contacting the people responsible for the BRansomware Ransomware attack.
Do not Contact the People Responsible for the BRansomware Ransomware
There are several reasons why it's not advisable to contact the people responsible for the BRansomware Ransomware:
- The people responsible for the BRansomware Ransomware are very unlikely to keep their promise to yield the decryption key in return for the ransom payment. They are just as likely to ignore the victim or ask for an additional payment.
- Paying the BRansomware Ransomware ransom allows the people responsible for the attack to continue developing and updating the BRansomware Ransomware, as well as creating new threat attacks.
- After the victims of the BRansomware Ransomware attack show a willingness to pay, it is very likely that they will be targeted with additional threat attacks by the creators of the BRansomware Ransomware specifically.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.