Bruhnet Ransomware
The Bruhnet Ransomware is a hurtful threat that targets the data of its victims. When executed on the infected system, the malware will run an encryption process that will affect nearly all of the documents, photos, images, archives, databases and other file types stored on it. Like the vast majority of ransomware attacks, the operators of Bruhent also are financially motivated and their goal is to extort impacted users or corporate entities for money. The Bruhnet Ransomware is classified as a variant of the Xorist malware threat and appears to be primarily aimed at Russian-speaking targets.
The files encrypted by the threat will have '.bruhnet' appended to their original names. Victims also will notice that a new text file named 'КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt' has appeared on the desktop of the system. The file contains a ransom note with instructions, which is written in English, despite the name of the file being entirely in Russian.
The operators of the Bruhnet Ransomware do not leave much information for the affected users. The ransom note simply states that to decrypt their data, users must contact the threat actors, by sending an SMS and messaging the '@rainfall666' Telegram account. The ransom note warns that victims supposedly have only 1 attempt to enter the correct decryption code and failing to do so could leave the files in an unrecoverable state.
The full text of the Bruhnet Ransomware's note is:
'Attention! All your files are encrypted!
To restore your files and access them,
send an SMS with the text - to the User Telegram @rainfall666You have 1 attempts to enter the code. If this
amount is exceeded, all data will irreversibly deteriorate. Be
careful when entering the code!Glory @bruhnet'
