Ba7md Ransomware Description
The Ba7md Ransomware is classified as a variant of the previously detected threat Hive Ransomware. Although this means the Ba7md Ransomware adds no major improvements, and the Hive Ransomware family is not especially sophisticated, its capacity to cause damage should not be underestimated. The threat is capable of locking a large number of file types with a strong cryptographic algorithm, effectively rendering them unusable and inaccessible.
Each file encrypted in this manner will have its original name modified drastically. First, the threat generates a long string of random characters that is unique to the specific victim. This string is added to the names of the encrypted files, after which '.ba7md' is appended as a new extension. The ransom note is dropped as a text file named '2Ym7_HOW_TO_DECRYPT.txt'.
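The renaming scheme above can be turned into a simple incident-response triage script. The Python below is an added example, not code from the original write-up or from any vendor tool; it assumes the victim-specific string is appended as its own dot-separated token (the exact separator is not stated in the description), that the token is at least 16 alphanumeric characters, and that per-victim key material sits in files ending in '.key.ba7md' as the ransom note itself implies. The sample paths are constructed for illustration.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

RANSOM_NOTE = "2Ym7_HOW_TO_DECRYPT.txt"      # note filename from the write-up
KEY_FILE_SUFFIX = ".key.ba7md"                # per the note: "*.key.ba7md files"
# Assumed layout: <original name>.<victim string>.ba7md (separator is an assumption)
_ENCRYPTED = re.compile(r"^(?P<original>.+)\.(?P<victim_id>[A-Za-z0-9_-]{16,})\.ba7md$")


def parse_encrypted_name(name):
    """Return (original_name, victim_id) for a renamed file, or None if it doesn't match."""
    m = _ENCRYPTED.match(name)
    if m is None:
        return None
    return m.group("original"), m.group("victim_id")


def triage(paths):
    """Inventory a list of file paths and group Ba7md artifacts for IR scoping.

    The result lets a responder see how many files were touched, which
    victim string was used, and where notes and key files were dropped,
    without modifying anything on disk.
    """
    report = {"encrypted": [], "key_files": [], "ransom_notes": [],
              "victim_ids": Counter()}
    for path in paths:
        name = PurePosixPath(path).name
        if name == RANSOM_NOTE:
            report["ransom_notes"].append(path)
        elif name.endswith(KEY_FILE_SUFFIX):
            report["key_files"].append(path)
        else:
            parsed = parse_encrypted_name(name)
            if parsed is not None:
                original, victim_id = parsed
                report["encrypted"].append((path, original))
                report["victim_ids"][victim_id] += 1
    return report


# Constructed sample listing (hypothetical hosts, names and victim string).
SAMPLE_PATHS = [
    "/srv/share/budget.xlsx.hK3mP9qR2sT7vW1xY4zA6bC8dE0f.ba7md",
    "/srv/share/contract.pdf.hK3mP9qR2sT7vW1xY4zA6bC8dE0f.ba7md",
    "/srv/share/2Ym7_HOW_TO_DECRYPT.txt",
    "/srv/share/hK3mP9qR2sT7vW1xY4zA6bC8dE0f.key.ba7md",
    "/srv/share/readme.txt",
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_PATHS).items():
        print(key, value)
```

Feed the function a real directory walk (for example the output of `os.walk`) to scope an incident; it only reads names, so it is safe to run before any recovery decision is made.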
Ransom Note's Overview
According to the instructions, the cybercriminals behind the Ba7md Ransomware have also managed to collect confidential data from their victims. The sensitive information will be released to the public on a dedicated leak site hosted on the TOR network unless victims pay the demanded ransom.
To receive additional details about the payment, affected users are directed to another website on the TOR network, this time described as a way to reach the criminals' sales department. To log into the site, victims have to use the login and password credentials provided in the note. The second half of the message consists of numerous warnings.
The full text of the note is:
'Your network has been breached and all data were encrypted.
Personal data, financial reports and important documents are ready to disclose.
To decrypt all the data and to prevent exfiltrated files to be disclosed at
you will need to purchase our decryption software.
Please contact our sales department at:
To get an access to .onion websites download and install Tor Browser at:
hxxps://www.torproject.org/ (Tor Browser is not related to us)
Follow the guidelines below to avoid losing your data:
Do not shutdown or reboot your computers, unmount external storages.
Do not try to decrypt data using third party software. It may cause irreversible damage.
Do not fool yourself. Encryption has perfect secrecy and it's impossible to decrypt without knowing the key.
Do not modify, rename or delete *.key.ba7md files. Your data will be undecryptable.
Do not modify or rename encrypted files. You will lose them.
Do not report to the police, FBI, etc. They don't care about your business. They simply won't allow you to pay. As a result you will lose everything.
Do not reject to purchase. Exfiltrated files will be publicly disclosed.'