BugWare Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 6,947
Threat Level: 20 % (Normal)
Infected Computers: 10,902
First Seen: October 12, 2017
Last Seen: September 12, 2023
OS(es) Affected: Windows

The BugWare Ransomware is an encryption ransomware Trojan that PC security researchers first observed on October 10, 2017. The BugWare Ransomware is distributed through spam email attachments, which rely on various tactics to trick victims into running them. The most common tactic involves sending files with double extensions. Typically, the files appear to have a harmless extension, such as PDF, but they are actually executable files designed to download and install the BugWare Ransomware when the victim opens them. The bulk of the BugWare Ransomware attacks are concentrated in Brazil. The BugWare Ransomware is designed to infect computers running the Windows operating system.
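A mail gateway or download triage job can flag the double-extension tactic described above before a user opens the file. The following is an added example, not code from this page or from any vendor tool; the extension lists and sample file names are constructed assumptions, and it goes slightly beyond the text by also catching whitespace padding and trailing dots that hide the real extension.

```python
import re
from pathlib import PureWindowsPath

# Assumed lists for this example (not from the page): extensions Windows will
# run or hand to a script host, and document/media types used as decoys.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js",
                   ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".ps1"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
              ".txt", ".rtf", ".jpg", ".jpeg", ".png", ".zip"}

# Constructed sample attachment names, for illustration only.
SAMPLE = [
    "Nota_Fiscal.pdf.exe",
    "boleto.pdf        .scr",
    "report.v2.pdf",
    "setup.exe",
    r"C:\Users\a\Downloads\fotos.jpg.exe. ",
    "archive.tar.gz",
]

def normalize(name: str) -> str:
    """Keep the base name and drop trailing dots/spaces, which Windows ignores."""
    base = PureWindowsPath(name).name
    return base.rstrip(" .").lower()

def double_extension(name: str):
    """Return (decoy_ext, real_ext) if the name poses as a document, else None."""
    base = normalize(name)
    # Collapse whitespace padding placed before an extension, e.g.
    # "invoice.pdf      .exe", which pushes the real suffix out of view.
    base = re.sub(r"\s+\.", ".", base)
    parts = base.split(".")
    if len(parts) < 3:          # needs a stem plus two extensions
        return None
    decoy, real = "." + parts[-2], "." + parts[-1]
    if real in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
        return decoy, real
    return None

def triage(names):
    """Map each suspicious name to its (decoy, real) extension pair."""
    return {n: hit for n in names if (hit := double_extension(n))}

if __name__ == "__main__":
    for name, (decoy, real) in triage(SAMPLE).items():
        print(f"QUARANTINE {name!r}: shown as {decoy}, executes as {real}")
```

Legitimate multi-dot names such as `report.v2.pdf` or `archive.tar.gz` pass, because only the final extension decides how Windows opens the file.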

Detailing a BugWare Ransomware Infection

The BugWare Ransomware is a variant of HiddenTear, an open source encryption ransomware platform that has spawned countless ransomware variants. Like other HiddenTear variants, the BugWare Ransomware uses AES-256 encryption to make victims' files inaccessible and tries to shut down other recovery methods, for example by deleting the Shadow Volume Copies of files on infected computers. The BugWare Ransomware does this so that it can demand a ransom payment in exchange for the key needed to decrypt and restore the affected files. After encrypting the files, the BugWare Ransomware marks them by adding the file extension '[SLAVIC@SECMAIL.PRO].BUGWARE' to every encrypted file. The BugWare Ransomware displays a ransom note in a program window with the title 'BugWare [v1.2].' Some of the file types typically targeted by a BugWare Ransomware infection include:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

In its ransom note displayed in a program window, the BugWare Ransomware delivers the following messages:

'Hello,
Unfortunately, all your personal files and database were encrypted with government-used algorithms with a 256-bit key, but do not panic, there is an easy and secure solution to getting your files back by paying the amount of REAL THOUSAND in one virtual currency called MONERO to the Address that is just above.
-
As soon as you make the payment send to my Email the code generated in the transaction along with Your Identification that is just above and also the password encrypted with RSA-2048 that is in the text field above.
-
Attention:
Do not waste your time looking for solutions to decrypt for free the files using programs on the INTERNET, they will corrupt your files making the decryption impossible even with the correct key.
YOU HAVE JUST 72HORS TO MAKE THE PAYMENT AND DESCRIBE YOUR FILES OTHERWISE IF YOUR FILES WILL BE TURNED OFF!
-
HOW TO BUY MONERO:
To buy monero you need to buy bitcoins, use the site h[tt]ps://foxbit.com[.]br/
to buy bitcoin, once purchased, buy the monero with your bitcoin on the site h[tt]ps://poloniex[.]com/
Below some tutorials on youtube:
[LINKS TO VIDEOS ON YOUTUBE]
-
IF YOU WANT TO PAY IN ANOTHER CRIPTOCURRENCIE CONTACT THE EMAIL ABOVE!'

Dealing with the BugWare Ransomware

The BugWare Ransomware's payment method seems quite convoluted, instructing the victim to purchase Bitcoin and then use those Bitcoins to purchase Monero. In any case, computer users should refrain from paying the BugWare Ransomware ransom or contacting these people. Paying the BugWare Ransomware ransom allows these people to continue distributing and creating threats like the BugWare Ransomware, by financing their operations. As with other encryption ransomware Trojans, the best protection against this threat is to have file backups on an external memory device or stored in the cloud.