
Baal Ransomware

Cybersecurity researchers have identified a vicious malware threat tracked as the Baal Ransomware. Once the threat has infiltrated the victim's device and been executed, it begins to encrypt the files stored there. In addition, the Baal Ransomware modifies the file names by appending a random four-character extension to each one, resulting in filenames like '1.jpg.vkpw' and so on.

Once the encryption process is completed, the Baal Ransomware drops a ransom note named 'read_it.txt' and changes the default desktop wallpaper of the device. The ransom note contains instructions on how victims can pay a ransom to the attackers and possibly regain access to the encrypted files. It should be noted that the Baal Ransomware belongs to the nefarious Chaos malware family. 
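The file-system traces described above (a 'read_it.txt' note next to files that gained a four-character extension) can be turned into a triage check. The following is an added example, not code from the researchers or the original page; the allow-list of legitimate extensions, the `min_hits` threshold and the assumption that the appended characters are letters or digits are all illustrative choices.

```python
import os
import re
import tempfile

NOTE_NAME = "read_it.txt"  # ransom note file name given in the write-up
# Assumption: legitimate four-character extensions to ignore; extend per site.
KNOWN_4CHAR = {"docx", "xlsx", "pptx", "jpeg", "json", "html", "tiff", "webp", "yaml"}
# "<name>.<original ext>.<four chars>", the shape of '1.jpg.vkpw'.
# Assumption: the appended characters are letters or digits.
APPENDED = re.compile(r"^.+\.[A-Za-z0-9]{2,5}\.([A-Za-z0-9]{4})$")


def scan(root, min_hits=3):
    """Map each suspicious directory under root to its indicators.

    A directory is reported when it holds the ransom note or at least
    min_hits files carrying an unrecognised appended extension.
    """
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        hits = []
        for name in files:
            m = APPENDED.match(name)
            if m and m.group(1).lower() not in KNOWN_4CHAR:
                hits.append(name)
        note = any(f.lower() == NOTE_NAME for f in files)
        if note or len(hits) >= min_hits:
            findings[dirpath] = {"note": note, "files": sorted(hits)}
    return findings


def severity(entry):
    """'high' when note and renamed files co-occur, otherwise 'review'."""
    return "high" if entry["note"] and entry["files"] else "review"


if __name__ == "__main__":
    # Constructed sample tree: empty files only, named after the pattern above.
    with tempfile.TemporaryDirectory() as root:
        for name in ("1.jpg.vkpw", "plan.docx.a9tq", "db.sql.mmxe", NOTE_NAME,
                     "report.final.docx"):
            open(os.path.join(root, name), "w").close()
        for path, entry in scan(root).items():
            print(severity(entry), path, entry["files"])
```

Because the appended extension is random per file, matching on the file-name shape plus the note is more useful than matching any single extension; a "review" result still needs a human look, since other software also produces double extensions.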

The Baal Ransomware Demands an Exorbitant Ransom

The ransom-demanding message created by the threat informs victims that the only way to recover the encrypted files is to pay a ransom to the attackers. The message also includes instructions for testing decryption by sending two or three encrypted files to the cybercriminals before making any payment.

The ransom amount demanded by the attackers is 121 BTC (Bitcoin cryptocurrency), which, at the current exchange rate, is approximately 2.6 million USD. It is worth noting that ransom amounts of this magnitude are typically demanded from large entities, such as companies, organizations and institutions.

Once the payment is made, the ransom message instructs the victim to send a screenshot of the transaction to the attackers. The victim is given a deadline of six days to meet the ransom demands.

Decryption is usually impossible without the cybercriminals' involvement. However, even after paying the ransom, victims often do not receive the promised decryption keys or tools. Paying the ransom is therefore strongly discouraged: there is no guarantee of data recovery, and doing so also supports illegal activity.

Preventive Measures can Stop Attacks from Threats Like the Baal Ransomware

Prevention is key when it comes to defending against ransomware attacks. Here are some best practices that users can follow to protect themselves from ransomware:

  1. Regular Data Backup: Backing up essential data regularly is one of the most effective ways to protect against ransomware. Regular backups help in case of data loss, and they let victims recover their data without having to pay a ransom.
  2. Keep Operating Systems and Software Up to Date: Software vulnerabilities can be exploited by cybercriminals to infect systems with ransomware. Regularly updating operating systems and software ensures that security patches and bug fixes are installed, reducing the risk of vulnerability exploitation.
  3. Use Anti-Malware Software: Anti-malware software can detect and block malware, including ransomware. It is essential to keep the software updated with the latest definitions and run regular scans.
  4. Be Cautious When Opening Emails and Clicking on Links: Most ransomware attacks occur through phishing emails and unsafe links. Users should be wary of unsolicited emails and links from unknown sources, even if they appear legitimate.
  5. Use Security Measures like Firewall and Intrusion Detection Systems: Firewalls and intrusion detection systems can help detect and block unauthorized access to the system, preventing malware infections.
  6. Train Employees and Family Members: Educating employees and family members about safe computing practices is essential to prevent ransomware attacks. Users should be aware of the risks of opening suspicious links, downloading and installing unauthorized software and clicking on pop-up windows.

By following these preventive measures, users can reduce the risk of ransomware attacks and protect their data from being encrypted and held for ransom.

The ransom note dropped by Baal Ransomware is:


All files on all affected machines and network have been encrypted with Baal Ransomware Encryption.
What guarantees do we give to you?
You can send 2 of any encrypted files to us to decrypt then send them back.

Who is responsible for the Ransom Fee?
The SARB & SA Mint Organization not its employees or assosiates will need to pay the fee to obtain the unique decryption code & tool that contains the private key linked to this specific ecryption.

NOTE: All data is ecrypted (locked) not overitten hence can be decrypted with assossiated key only.

You have only 6 (six) days to meet the Ransom fee in Bitcoin.


Send 121 BTC (Bitcoins) to the following receiving address:


Note: All Bitcoin transactions need six confirmations in the blockchain from miners before being processed. In general sending Bitcoin can take anywhere from seconds to over 60 minutes. Typically, however, it will take 10 to 20 minutes In most cases, Bitcoin transactions need 1 to 1.5 hours to complete.

Send blockchain transaction id screenshot not link via to the email address:

Once the transaction is be confirmed. We will email back the one-click decryption tool to fully decrypt and recover all your files and remove the randsomware on all your machines and network permantly. (No I.T. background required).

The decryption usually takes about a few minutes to an hour depending on the scale and size of the files and additional drives the Ransomware has spread onto the network.

What guarantees do we give to you?
You can send 3 of your encrypted files and we decrypt then send them back.

You have 6 days until the decryption keys are terminated and all data on affected machines and networks will never be recovered. We make use of Military Grade AES Encryptions. Without the linked decryption key you can just forgot about ever recovering encrypted data.

'Blessed are the strong for they shall inherit the Earth' - Codex Saerus'

