
Bulwark Ransomware

The Bulwark Ransomware executes an encryption routine on the computers it infects. As a result, the impacted data will no longer be accessible or usable in any way. In ransomware attacks, the locked files can very rarely be restored without paying the attackers for the correct decryption keys. Even though the Bulwark Ransomware has been confirmed to be a variant of the MedusaLocker malware family, its capacity to cause damage should not be underestimated.

When the threat is fully activated on the breached devices, it will target the documents, archives, databases, PDFs, photos and other file types stored there. Each impacted file will have '.bulwark7' appended to its original name. It should be noted that the number in the new file extension will differ, depending on the specific Bulwark Ransomware variant. When all targeted file types have been processed, the threat will create a file named '!-Recovery_Instructions-!.html' on the desktop of the device.
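A defender-side triage helper, added here as an example and not code from the original page or from the malware itself: it scans file names for the '.bulwark<number>' extension pattern and the ransom note name described above, tallies the variant numbers seen, and recovers the original file names so an incident responder can size the damage. The sample paths are constructed for illustration.

```python
import re
from collections import Counter
from pathlib import Path

# The page reports '.bulwark7' appended to the original name, with the number
# varying per variant, so match any '.bulwark<digits>' suffix.
BULWARK_EXT = re.compile(r"\.bulwark(\d+)$", re.IGNORECASE)
# Ransom note file name reported on the page.
NOTE_NAME = "!-Recovery_Instructions-!.html"

def _basename(path):
    """Last path component, accepting both Windows and POSIX separators."""
    return re.split(r"[\\/]", path)[-1]

def classify_name(name):
    """Return ('note', None), ('encrypted', variant_number) or (None, None)."""
    if name == NOTE_NAME:
        return ("note", None)
    m = BULWARK_EXT.search(name)
    if m:
        return ("encrypted", int(m.group(1)))
    return (None, None)

def strip_extension(name):
    """Recover the original file name, or None if the name is not encrypted."""
    m = BULWARK_EXT.search(name)
    return name[:m.start()] if m else None

def scan_names(paths):
    """Summarise a list of file paths: encrypted files, notes, variant counts."""
    result = {"encrypted": [], "notes": [], "variants": Counter(), "original_names": []}
    for p in paths:
        name = _basename(p)
        kind, variant = classify_name(name)
        if kind == "note":
            result["notes"].append(p)
        elif kind == "encrypted":
            result["encrypted"].append(p)
            result["variants"][variant] += 1
            result["original_names"].append(strip_extension(name))
    return result

def scan_tree(root):
    """Walk a directory tree (e.g. a mounted image) and summarise it."""
    return scan_names(str(p) for p in Path(root).rglob("*") if p.is_file())

SAMPLE_PATHS = [  # constructed sample, not from a real infection
    r"C:\Users\alice\Documents\budget.xlsx.bulwark7",
    r"C:\Users\alice\Documents\contract.pdf.bulwark7",
    r"C:\Users\alice\Desktop\!-Recovery_Instructions-!.html",
    r"C:\Users\alice\Pictures\holiday.jpg",
    "/mnt/share/backup/db.sql.bulwark12",
]
```

Running `scan_tree` against a mounted disk image gives the same summary for a real file system; a mix of variant numbers in the result suggests more than one build of the threat touched the data.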

The lengthy ransom note delivered via this file reveals that the operators of the Bulwark Ransomware are primarily interested in infecting corporate entities. In addition, the hackers appear to be running a double-extortion scheme, collecting sensitive data before engaging the encryption routine of the threat. The exfiltrated files are stored on a server controlled by the threat actors and will be leaked to the public or sold on the Dark Web to any interested parties if the victims refuse to pay the demanded ransom.

Two email addresses are mentioned in the note as a way to reach out to the cybercriminals: 'ithelp09@wholeness.business' and 'ithelp09@decorous.cyou'. Victims are told that up to 3 files can be attached to their message to be decrypted for free. However, the chosen files must not exceed 5MB in size.

The full text of the ransom note left by the Bulwark Ransomware is:

'If you get this message, your network was hacked!
After we gained full access to your servers, we first downloaded a large amount of sensitive data and then encrypted all the data stored on them.

That includes personal information on your clients, partners, your personnel, accounting documents, and other crucial files that are necessary for your company to work normally.

We used modern complicated algorithms, so you or any recovery service will not be able to decrypt files without our help, wasting time on these attempts instead of negotiations can be fatal for your company.

Make sure to act within 72 hours or the negotiations will be considered failed!

Inform your superior management about what's going on.

Contact us for price and get decryption software.

Contact us by email:

ithelp09@wholeness.business
If you will get no answer within 24 hours contact us by our alternate emails:
ithelp09@decorous.cyou
To verify the possibility of the recovery of your files we can decrypt 1-3 files for free.
Attach file to the letter (no more than 5Mb).
If you and us succeed the negotiations we will grant you:
complete confidentiality, we will keep in secret any information regarding to attack, your company will act as if nothing had happened.
comprehensive information about vulnerabilities of your network and security report.
software and instructions to decrypt all the data that was encrypted.
all sensitive downloaded data will be permanently deleted from our cloud storage and we will provide an erasure log.
Our options if you act like nothing's happening, refuse to make a deal or fail the negotiations:
inform the media and independent journalists about what happened to your servers. To prove it we'll publish a chunk of private data that you should have ciphered if you care about potential breaches. Moreover, your company will inevitably take decent reputational loss which is hard to assess precisely.
inform your clients, employees, partners by phone, e-mail, sms and social networks that you haven't prevented their data leakage. You will violate laws about private data protection.
start DDOS attack on you website and infrastructures.
personal data stored will be put on sale on the Darknet to find anyone interested to buy useful information regarding your company. It could be data mining agencies or your market competitors.
publish all the discovered vulnerabilities found in your network, so anyone will do anything with it.
Why pay us?
We care about our reputation. You are welcome to google our cases up and be sure that we don't have a single case of failure to provide what we promised.

Turning this issue to a bug bounty will save your private information, reputation and will allow you to use the security report and avoid this kind of situations in future.

Your personal ID'
