Buddy Ransomware
Threat Scorecard
Threat Level: 80% (High)
Infected Computers: 4
First Seen: February 3, 2016
Last Seen: August 14, 2022
OS(es) Affected: Windows
The Buddy Ransomware is an encryption ransomware infection that takes the victims' files hostage in exchange for a ransom, usually paid in Bitcoin. The Buddy Ransomware may be distributed through a variety of methods. Common ones include corrupted email attachments, attack websites, and corrupted files distributed using peer-to-peer file sharing. As soon as the Buddy Ransomware is executed, it encrypts most of the victim's files. The Buddy Ransomware then displays a message demanding the payment of a ransom. If the ransom isn't paid, the victim will not be able to decrypt the affected files, losing them forever.
Identifying the Buddy Ransomware Infection
The Buddy Ransomware adds the extension CRY to every file that it encrypts. It demands the payment of 0.77756467 Bitcoin, which is on average several hundred dollars, and displays information on how to buy Bitcoins and pay the ransom. The Buddy Ransomware claims that the files will be decrypted only a few minutes after the payment is carried out. Paying the Buddy Ransomware ransom may not be the solution to your problems, since there is no guarantee that the con artists will honor their part of the bargain. Paying the ransom also helps fraudsters to continue producing these threats and to profit at the expense of other computer users. The Buddy Ransomware infection has received this name because of its characteristic ransom note, which begins with the words “Hello Buddy”:
Hello Buddy! If you see this message all your important files are been crypted 🙂 What can you do? You can pay with bitcoin and wait 10 min for decryption! it’s very easy! Don’t you know how to purchase bitcoin? hxxp://localbitcoins.com it’s your place! If Antivirus block the crypt you’ll be unable to decrypt…
The Well-Known Method Used by the Buddy Ransomware
The Buddy Ransomware is very similar to numerous other ransomware infections, including CryptoLocker and TeslaCrypt, and may very well share much of their code. In fact, most currently active ransomware Trojans are practically identical except for the quality of their encryption algorithm and the amount of the ransom. In almost every case, files encrypted by the Buddy Ransomware are impossible to decrypt without access to the decryption key. Because of this, computer users' best alternative is to wipe their hard drives and restore their files from a backup rather than attempting to negotiate with the people responsible for the Buddy Ransomware or to obtain a decryption key. The best protective measures against threats such as the Buddy Ransomware are to back up all files and to use reliable security software to prevent the installation of these components in the first place.
The Buddy Ransomware Infection Process
Most ransomware infections follow a similar approach. The following are the steps that may be taken by the Buddy Ransomware and similar encryption ransomware Trojans:
- The Buddy Ransomware usually arrives on the victim's computer using typical threat delivery methods.
- Once executed, the Buddy Ransomware scans the victim's hard drives, looking for files that match a list of file extensions contained in its configuration files. The Buddy Ransomware encrypts these files and changes their extension to CRY.
- The Buddy Ransomware also deletes Shadow Volume copies and System Restore points, to prevent computer users from recovering their files using these alternate methods.
- The Buddy Ransomware displays its ransom note, usually by dropping text or HTML files on the victim's computer, as well as displaying pop-up messages and changing the victim's Desktop image.
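The file-system traces described in the steps above (files ending in CRY, and dropped text or HTML notes containing "Hello Buddy") can be swept for when scoping what must be restored from backup. The following is an added example, not code from the original page; the function names, the sample tree and the `README.html` note file name are constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_EXT = ".cry"                 # page: encrypted files get the CRY extension
NOTE_EXTS = {".txt", ".html", ".htm"}  # page: notes are dropped as text or HTML files
NOTE_MARKER = b"hello buddy"           # page: the note begins with "Hello Buddy"

def triage(root, head_bytes=4096):
    """Walk root; return (encrypted_files, note_files, encrypted_count_per_dir)."""
    encrypted, notes, per_dir = [], [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if ext == ENCRYPTED_EXT:
                encrypted.append(path)
                per_dir[dirpath] = per_dir.get(dirpath, 0) + 1
            elif ext in NOTE_EXTS:
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(head_bytes).lower()
                except OSError:
                    continue  # locked or unreadable file: skip it, keep sweeping
                if NOTE_MARKER in head:
                    notes.append(path)
    return sorted(encrypted), sorted(notes), per_dir

def build_sample_tree(root):
    """Constructed sample data standing in for an affected user profile."""
    samples = {
        ("Documents", "budget.xlsx.CRY"): b"\x00\x01",
        ("Documents", "notes.txt"): b"shopping list",
        ("Documents", "README.html"): b"<html>Hello Buddy! If you see this</html>",
        ("Pictures", "cat.jpg.cry"): b"\x02",
        ("Pictures", "dog.jpg"): b"\xff\xd8",
    }
    for (folder, name), data in samples.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        with open(os.path.join(root, folder, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        enc, notes, per_dir = triage(tmp)
        print(f"{len(enc)} encrypted file(s), {len(notes)} ransom note(s)")
        for folder, count in sorted(per_dir.items()):
            print(f"  {count:4d}  {folder}")
```

The per-directory counts show which folders need restoring; a CRY extension alone is a weak signal, so a matching note in the same tree is what ties the hits to this threat.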
Computer users should avoid paying the Buddy Ransomware ransom unless they have absolutely no other option. To prevent this from happening, PC security researchers strongly urge computer users to keep a backup of all of their files, preferably on an external memory device or in the cloud. A reliable security program should be used to prevent the installation of the Buddy Ransomware and other threats.