'.BadNews File Extension' Ransomware

'.BadNews File Extension' Ransomware Description

The '.BadNews File Extension' Ransomware is an encryption ransomware Trojan. The attacks involving threats like the '.BadNews File Extension' Ransomware started appearing on August 28, 2018. The '.BadNews File Extension' Ransomware is a variant of preexisting ransomware threats that have been released steadily since November 2017 and may be part of the ransomware builder of a RaaS (Ransomware as a Service) platform.

Some Details about a '.BadNews File Extension' Ransomware Attack

The '.BadNews File Extension' Ransomware is delivered to its victims through the use of damaged spam email attachments, which are shown as Microsoft Office files with corrupted embedded scripts that download and install the '.BadNews File Extension' Ransomware onto the victim's computer. The '.BadNews File Extension' Ransomware works by encrypting the victim's files, using a strong encryption algorithm. The '.BadNews File Extension' Ransomware marks the files encrypted by the attack by adding the following extension to each compromised file:

.ID [12 random chars].BadNews

The following are the file types that are commonly affected by threats like the '.BadNews File Extension' Ransomware:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar

The '.BadNews File Extension' Ransomware's Ransom Demands

Criminals may make money from threats like the '.BadNews File Extension' Ransomware by demanding ransom payments. The '.BadNews File Extension' Ransomware will change the infected computer's desktop wallpaper image and drop an HTA file on the victim's computer. This HTA file is named 'How To Decode Files.hta' and displays the following message on the victim's computer:

'ALL DATA ON THIS PC HAS BEEN ENCRYPTED
Your
ID [random characters]
To get the decryptor you should:
Send 1 test image or text file to BM-2cTAPjtTkqiW2twtykGm5mtocFAz7g517c@bitmessage.ch.
In the letter include your personal ID (look at the beginningof this document).
We will give you the decrypted file and say price fordecryption all files
after payment you will receive a decryptor and instructions
We can decrypt one file in quality the evidence that we have thedecoder.
Attention!!!
Only BM-2cTAPjtTkqiW2twtykGm5mtocFAz7g5FZc@bitmessage.ch can decryptyour files
Do not trust anyone BM-2cTAPjtTkqiW2twtykGm5mtocFAz7g5FZc@bitmessage.ch
Attempts to self-decrypting files will result in the loss ofyour data
Decoders for other Ins are not compatible with your ID data,because each user's unique encryption key'

Computer users should refrain from paying the '.BadNews File Extension' Ransomware ransom and supporting these criminal activities. Instead, computer users should take precautions against threats like the '.BadNews File Extension' Ransomware. The best precautionary measure against these threats is to have file backups stored on the cloud or an external memory device, which can be used to replace any files compromised by the '.BadNews File Extension' Ransomware attack.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.