
Badday Ransomware

Threat Scorecard

Ranking: 14,287
Threat Level: 100 % (High)
Infected Computers: 1,407
First Seen: January 19, 2011
Last Seen: July 10, 2023
OS(es) Affected: Windows

Nowadays, file-encrypting Trojans are among the most prevalent threats online, claiming new victims daily. They are often seen as a way to make a quick buck and are not hard to build, since cyber crooks usually borrow most of the code from existing ransomware families.

Propagation and Encryption

One of the more recently detected data-locking Trojans is the Badday Ransomware. As its name suggests, you will likely have quite the bad day if you fall victim to it. When malware researchers dissected the Badday Ransomware, they found that it is a variant of the GlobeImposter 2.0 Ransomware. The infection vectors used to spread the Badday Ransomware have not been disclosed. Some researchers believe that fake pirated copies of popular applications, mass spam email campaigns and bogus software updates may be among the propagation methods used by this file-locking Trojan.

As soon as the Badday Ransomware infiltrates a host, it scans for the files it was configured to target. Ransomware threats usually go after all the popular file types to ensure maximum damage, so images, songs, videos, films, documents and presentations are all likely to be locked by the Badday Ransomware. Once the files of interest are located, the Badday Ransomware starts its encryption process and locks every targeted file. When the Badday Ransomware locks a file, it appends a new extension, '.badday', to the original name. For example, an audio file named 'aged-gold.mp3' becomes 'aged-gold.mp3.badday'. Because the original name and extension are preserved in front of '.badday', a responder can still tell which file types were hit without opening the encrypted files.

The Ransom Note

Next, the Badday Ransomware drops a ransom note on the user's desktop. The note is called 'how_to_back_files.html' and reads:

’ YOUR PERSONAL ID
-

ENGLISH
YOUR CORPORATE NETWORK LOCKED.
ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED.

To restore files you will need a decryptor!.
To get the decryptor you should:
Pay for decrypt your network - 12 BTC :
Buy BTC on one of these sites
hxxps://localbitcoins.com
hxxps://www.coinbase.com
hxxps://xchange.cc
BITCOIN ADRESS FOR PAY:
1HbATAUc2rrpnajiRCeyKuBKZ5onkf22Jt
Send 12 BTC for decrypt
AFTER THE PAYMENT:
Send screenshot of payment to redteamoperation@protonmail.com or redteamoperation@seznam.cz. In the letter include your personal ID (look at the beginning of this document).

AFTER YOU WILL RECEIVE A DECRYPTOR AND INSTRUCTIONS
Attention!

Only our team can decrypt your files.
No Payment = No decryption!
You really get decryptor after payment. As a guarantee you can send 1 test image or text file on our email (In letter include your personal ID)
Do not attempt to remove program or run any anti-virus tools! This doesn't help 🙂
Decoders of other users are not compatible with your data, because each infected computer have unique encryption key!!!
Attempts to self-decrypting files will result in the loss of your data.’

In the note, the attackers demand the mind-numbing sum of 12 Bitcoin, roughly $99,000 at the time of writing, and tell the victim to contact them by email at 'redteamoperation@protonmail.com' or 'redteamoperation@seznam.cz' for further instructions. The note opens with 'YOUR CORPORATE NETWORK LOCKED'; that wording, combined with the sky-high ransom fee, leads researchers to believe that the Badday Ransomware is meant to target companies rather than regular users. The note's filename, the '.badday' extension, the two email addresses and the Bitcoin address are the indicators a responder has to work with when sweeping a network for affected hosts.
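The following triage script is an added example and is not code from the original page or from any analysis of the Badday Ransomware itself. It uses only the indicators given above (the '.badday' extension, the 'how_to_back_files.html' note name, the Bitcoin address and the two contact addresses) to do a read-only sweep of a directory tree: it lists encrypted files, counts which original file types were hit (recoverable because the original extension sits in front of '.badday'), locates the notes and pulls the demanded amount, wallet and emails out of each one. The directory layout and the note excerpt it builds in a temporary folder are constructed sample data, not a captured infection.

```python
import os
import re
import tempfile
from collections import Counter

# Indicators taken from the write-up above: the extension Badday appends
# and the name of the ransom note it drops.
BADDAY_EXT = ".badday"
NOTE_NAME = "how_to_back_files.html"

# Base58 legacy Bitcoin address and e-mail patterns. The e-mail pattern
# stops before a trailing sentence period ("seznam.cz." in the note).
BTC_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
AMOUNT_RE = re.compile(r"(\d+(?:\.\d+)?)\s*BTC")

# Constructed excerpt of the note quoted on this page (not a captured sample).
SAMPLE_NOTE = """YOUR CORPORATE NETWORK LOCKED.
Pay for decrypt your network - 12 BTC :
BITCOIN ADRESS FOR PAY:
1HbATAUc2rrpnajiRCeyKuBKZ5onkf22Jt
Send screenshot of payment to redteamoperation@protonmail.com or redteamoperation@seznam.cz. In the letter include your personal ID.
"""


def parse_note(text):
    """Extract the demanded amount, wallet(s) and contact addresses from a note."""
    m = AMOUNT_RE.search(text)
    return {
        "btc_amount": float(m.group(1)) if m else None,
        "wallets": sorted(set(BTC_RE.findall(text))),
        "emails": sorted(set(EMAIL_RE.findall(text))),
    }


def triage(root):
    """Read-only sweep of a host or share: find encrypted files and notes.

    Returns the encrypted paths, the note paths, a per-directory count and a
    count of the original extensions (the part before '.badday'), which shows
    which file types the variant went after. Nothing is modified or deleted.
    """
    encrypted, notes = [], []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(BADDAY_EXT):
                encrypted.append(path)
            elif name.lower() == NOTE_NAME:
                notes.append(path)
    original_types = Counter(
        os.path.splitext(p[: -len(BADDAY_EXT)])[1].lower() for p in encrypted
    )
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "by_dir": Counter(os.path.dirname(p) for p in encrypted),
        "original_types": original_types,
    }


def read_text(path):
    with open(path, encoding="utf-8") as fh:
        return fh.read()


def build_sample_tree(root):
    """Constructed directory layout imitating a hit host (hypothetical data)."""
    layout = {
        "docs/report.docx.badday": b"\x00" * 64,
        "docs/budget.xlsx.badday": b"\x00" * 64,
        "docs/how_to_back_files.html": SAMPLE_NOTE.encode(),
        "music/aged-gold.mp3.badday": b"\x00" * 64,
        "music/readme.txt": b"not touched",
        "how_to_back_files.html": SAMPLE_NOTE.encode(),
    }
    for rel, data in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo():
    """Build the constructed tree in a temp dir, triage it and parse its notes."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        result["parsed_notes"] = [parse_note(read_text(n)) for n in result["notes"]]
    return result


if __name__ == "__main__":
    r = demo()
    print(f"{len(r['encrypted'])} encrypted files, {len(r['notes'])} ransom notes")
    print("original types hit:", dict(r["original_types"]))
    print("per directory:", dict(r["by_dir"]))
    for parsed in r["parsed_notes"]:
        print("note:", parsed)
```

Point `triage()` at a mounted share or a mapped drive to get the same report for a real host; it never writes, so it is safe to run before deciding whether a box is cleaned or reimaged. The parsed wallet and email addresses are what you would feed into mail-gateway and network blocklists.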

You should keep your distance when it comes to dealings with cyber crooks. They are not the most trustworthy of individuals, and even if someone pays this insanely high ransom, there is no guarantee the attackers will deliver a working decryptor. On a corporate network, isolate affected hosts first so the threat cannot keep encrypting shared files, then use a reputable anti-virus solution to remove the Badday Ransomware safely. Note that removal stops further damage but does not unlock files that have already been encrypted; for those, restore from offline or otherwise unaffected backups.
