Buddy Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 4
First Seen: February 3, 2016
Last Seen: August 14, 2022
OS(es) Affected: Windows

The Buddy Ransomware is an encryption ransomware infection that takes victims' files hostage in exchange for a ransom, usually paid in Bitcoin. The Buddy Ransomware may be distributed in a variety of ways. Common methods include corrupted email attachments, attack websites, and corrupted files distributed through peer-to-peer file sharing. As soon as the Buddy Ransomware is executed, it encrypts most of the victim's files. The Buddy Ransomware then displays a message demanding the payment of a ransom. If the ransom isn't paid, the victim will not be able to decrypt the affected files, losing them forever.

Identifying the Buddy Ransomware Infection

The Buddy Ransomware will add the extension CRY to every file that it encrypts. The Buddy Ransomware demands the payment of 0.77756467 Bitcoin, which is on average several hundred dollars. The Buddy Ransomware will display information on how to buy Bitcoins and pay the ransom. The Buddy Ransomware will claim that the files will be decrypted only a few minutes after the payment is carried out. Paying the Buddy Ransomware ransom may not be the solution to your problems since there is no guarantee that the con artists will honor their part of the bargain. Paying the Buddy Ransomware ransom also helps fraudsters to continue producing these threats and profit at the expense of other computer users. The Buddy Ransomware infection has received this name because of its characteristic ransom note, which begins with the words “Hello Buddy”:

Hello Buddy! If you see this message all your important files are been crypted 🙂 What can you do? You can pay with bitcoin and wait 10 min for decryption! it’s very easy! Don’t you know how to purchase bitcoin? hxxp://localbitcoins.com it’s your place! If Antivirus block the crypt you’ll be unable to decrypt…

The Well-Known Method Used by the Buddy Ransomware

The Buddy Ransomware is very similar to numerous other ransomware infections, including CryptoLocker and TeslaCrypt, and may very well share much of their code. In fact, most ransomware Trojans currently active are practically identical except for the quality of their encryption algorithm and the amount of the ransom. In almost every case, files encrypted by the Buddy Ransomware are impossible to decrypt without access to the decryption key. Because of this, computer users' best alternative is to wipe their hard drives and restore their files from a backup rather than attempting to negotiate with the people responsible for the Buddy Ransomware or to obtain a decryption key. The best protective measures against threats such as the Buddy Ransomware are to back up all files and to use reliable security software to prevent the installation of these components in the first place.

The Buddy Ransomware Infection Process

Most ransomware infections follow a similar approach. The following are the steps that may be taken by the Buddy Ransomware and similar encryption ransomware Trojans:

  1. The Buddy Ransomware usually arrives on the victim's computer using typical threat delivery methods.
  2. Once executed, the Buddy Ransomware scans the victim's hard drives, looking for files that match a list of file extensions contained in its configuration files. The Buddy Ransomware encrypts these files and changes their extension to CRY.
  3. The Buddy Ransomware also deletes Shadow Volume copies and System Restore points, to prevent computer users from recovering their files using these alternate methods.
  4. The Buddy Ransomware displays its ransom note, usually by dropping text or HTML files on the victim's computer, as well as displaying pop-up messages and changing the victim's Desktop image.
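
A triage sweep for the two indicators this page gives, the CRY extension and a dropped text or HTML note opening with "Hello Buddy", written as an added example that is not part of the original article. The function names, the 4096-byte read limit and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".cry"                   # extension the page says is appended
NOTE_EXTS = {".txt", ".html", ".htm"}    # page: notes are dropped as text or HTML
# Opening words of the quoted note, in ASCII/UTF-8 and UTF-16LE byte forms.
NOTE_MARKERS = (b"hello buddy", "hello buddy".encode("utf-16-le"))
HEAD_BYTES = 4096                        # assumption: the greeting is near the top

def scan_tree(root):
    """Return .CRY files, suspected ransom notes, and per-directory hit counts."""
    encrypted, notes, per_dir = [], [], {}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            ext = path.suffix.lower()
            if ext == ENCRYPTED_EXT:
                encrypted.append(path)
                per_dir[dirpath] = per_dir.get(dirpath, 0) + 1
            elif ext in NOTE_EXTS:
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(HEAD_BYTES).lower()
                except OSError:
                    continue             # locked or unreadable: skip, keep scanning
                if any(marker in head for marker in NOTE_MARKERS):
                    notes.append(path)
    hot = sorted(per_dir.items(), key=lambda kv: kv[1], reverse=True)
    return {"encrypted": sorted(encrypted), "notes": sorted(notes), "hot_dirs": hot}

def demo():
    """Scan a constructed directory tree (sample data, not real artifacts)."""
    with tempfile.TemporaryDirectory() as tmp:
        docs, pics = Path(tmp) / "Documents", Path(tmp) / "Pictures"
        docs.mkdir()
        pics.mkdir()
        for p in (docs / "budget.xlsx.CRY", docs / "thesis.docx.cry", pics / "cat.jpg.CRY"):
            p.write_bytes(b"\x00" * 16)
        (docs / "notes.txt").write_text("Hello team, meeting at 10.")   # benign file
        (docs / "README.txt").write_text("Hello Buddy! If you see this message")
        (pics / "README.html").write_bytes(b"\xff\xfe" + "<p>Hello Buddy!</p>".encode("utf-16-le"))
        r = scan_tree(tmp)
        return ([p.name for p in r["encrypted"]],
                [p.relative_to(tmp).as_posix() for p in r["notes"]],
                [(Path(d).name, n) for d, n in r["hot_dirs"]])

if __name__ == "__main__":
    print(demo())
```

A hit marks a file worth examining rather than a confirmed infection, since other software may use the same extension or greeting.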

Computer users should avoid paying the Buddy Ransomware ransom unless they have absolutely no other option. To avoid ending up in that position, PC security researchers strongly urge computer users to keep a backup of all of their files, preferably on an external memory device or in the cloud. A reliable security program should be used to prevent the installation of the Buddy Ransomware and other threats.
