BuSaveLock Ransomware

The purpose of the BuSaveLock Ransomware is to encrypt files and demand payment in exchange for their decryption. It also drops a ransom note titled 'How_to_back_files.html' and modifies the filenames of the encrypted files.

When it infects a system, the BuSaveLock Ransomware appends the '.busavelock' extension, followed by a specific number, to filenames. The number varies depending on the variant of the BuSaveLock Ransomware. For instance, it renames a file named '1.pdf' to '1.pdf.busavelock53', '2.png' to '2.png.busavelock53', and so on. This renaming scheme allows the ransomware to differentiate and track the affected files.
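For responders, the renaming scheme and the note filename described on this page are enough to scope an infection from a file listing. The following triage sketch is an added example, not code from the original page; the function names, the case-insensitive matching, and the sample paths are assumptions made for illustration.

```python
import os
import re
from collections import Counter
from pathlib import PureWindowsPath

# Pattern from the page: original name + '.busavelock' + a variant number.
# Assumption: the number is decimal digits; matching is case-insensitive.
ENCRYPTED_RE = re.compile(r"^(?P<original>.+)\.busavelock(?P<variant>\d+)$", re.IGNORECASE)
RANSOM_NOTE = "how_to_back_files.html"  # note filename from the page, lowercased

def triage(paths):
    """Classify file paths into encrypted files, ransom notes and per-directory counts."""
    report = {"encrypted": [], "notes": [], "variants": set(), "per_dir": Counter()}
    for raw in paths:
        p = PureWindowsPath(raw)  # accepts both '\\' and '/' separators
        m = ENCRYPTED_RE.match(p.name)
        if m:
            # Record the pre-encryption name so it can be matched against backups.
            report["encrypted"].append((raw, m.group("original")))
            report["variants"].add(int(m.group("variant")))
            report["per_dir"][str(p.parent)] += 1
        elif p.name.lower() == RANSOM_NOTE:
            report["notes"].append(raw)
    return report

def walk(root):
    """Yield every file path under root (a mounted image or a live share)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(dirpath, name)

# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    r"C:\Users\alice\Documents\1.pdf.busavelock53",
    r"C:\Users\alice\Documents\2.png.busavelock53",
    r"C:\Users\alice\Documents\How_to_back_files.html",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Pictures\busavelock.txt",   # name only resembles the marker
    r"C:\Share\report.docx.BUSAVELOCK53",
]

if __name__ == "__main__":
    r = triage(SAMPLE)  # on a real host: triage(walk(r"D:\mounted_image"))
    print(f"{len(r['encrypted'])} encrypted, variants {sorted(r['variants'])}")
    for directory, count in r["per_dir"].most_common():
        print(f"  {count:4d}  {directory}")
    for note in r["notes"]:
        print(f"  ransom note: {note}")
```

The per-directory counts show which shares or profiles were reached, and the recovered original names give the list of files to restore from backup.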

Furthermore, the BuSaveLock Ransomware is categorized as a member of the MedusaLocker Ransomware family, sharing similarities and traits with other variants in the same family.

The BuSaveLock Ransomware Takes Victims' Data Hostage

The ransom note discovered by the researchers indicates that all significant files have undergone encryption using RSA and AES encryption algorithms. In an attempt to discourage victims from seeking alternative solutions, the note explicitly advises against using third-party software for file restoration, asserting that doing so will irreversibly damage the files. Furthermore, victims are instructed not to modify or rename the encrypted files, possibly to avoid complicating the decryption process.

According to the note, the attackers claim that no software available on the Internet possesses the capability to resolve the encryption issue, emphasizing that only they hold the key to decrypt the files. Furthermore, the attackers assert that they have gained access to highly confidential and personal data, which is currently stored on a private server. In an attempt to pressure the victims into compliance, the note warns that if the ransom is not paid, the attackers will either make the data public or sell it to other threatening entities.

To demonstrate their ability to restore the encrypted files, the cybercriminals offer to decrypt 2-3 non-essential files free of charge. They provide two email addresses for communication: 'ithelp11@securitymy.name' and 'ithelp11@yousheltered.com'.

The ransom note concludes with a stern warning that failure to initiate contact with the attackers within a 72-hour timeframe will result in an increased price for the decryption software, further pressuring the victims to comply with their demands.

Users Should Establish Sufficient Security on Their Devices against Ransomware Threats

Users can take several essential measures to enhance the security of their data and devices against ransomware threats.

First and foremost, maintaining regular backups of important files is crucial. By backing up data on a consistent basis and storing it securely, users can ensure that even if their devices are compromised by ransomware, they can restore their files without having to pay the ransom. It is important to store backups in a separate location or on a separate device to prevent them from being affected by ransomware.

Keeping operating systems and programs up to date is another crucial step. Regularly installing software updates, patches, and security fixes helps to address vulnerabilities that can be exploited by ransomware. This minimizes the risk of falling victim to known ransomware strains.

Practicing safe browsing habits is essential. Users must be cautious when opening email attachments, clicking on suspicious links, or visiting potentially malicious websites. They should verify the authenticity of emails and attachments before interacting with them. Installing reputable antivirus and anti-malware software can add extra protection by detecting and blocking potential ransomware threats.

Using strong, unique passwords for online accounts and implementing multi-factor authentication adds an extra level of security. Ransomware often gains access to systems through compromised passwords or weak security measures. By employing strong authentication methods, users can reduce the risk of unauthorized access to their accounts and data.

Educating oneself about common ransomware tactics and staying informed about the latest threats is crucial. Being aware of social engineering techniques, such as phishing emails or malicious downloads, helps users recognize potential ransomware threats and avoid falling victim to them.

Overall, taking a proactive approach by regularly backing up data, keeping software up to date, practicing safe browsing habits, using strong authentication, and staying informed about the latest threats can significantly enhance data and device security against ransomware threats.

The text of the ransom note dropped by the BuSaveLock Ransomware is:

'YOUR PERSONAL ID:

/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!

Your files are safe! Only modified. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.

No software available on internet can help you. We are the only ones able to
solve your problem.

We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..

We only seek money and our goal is not to damage your reputation or prevent
your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.

Contact us for price and get decryption software.

email:
ithelp11@securitymy.name
ithelp11@yousheltered.com

To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.'
