Baliluware Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: March 8, 2018
Last Seen: April 18, 2018
OS(es) Affected: Windows

The Baliluware Ransomware is an encryption ransomware Trojan. Threats of this type are designed to take advantage of inexperienced computer users: they use a strong encryption algorithm to encrypt the victim's files, which makes them inaccessible, and then demand the payment of a ransom from the victim. There has been a noticeable increase in the number of the Baliluware Ransomware attacks in the last year, due to the increased availability of open source ransomware engines and RaaS (Ransomware as a Service) platforms, which allow cybercrooks to create their own custom ransomware versions to carry out attacks.

Symptoms of a Baliluware Ransomware Infection

The Baliluware Ransomware is based on HiddenTear, an open source ransomware platform that has been available since August 2015. Since its release, HiddenTear has been the basis for countless ransomware variants. The Baliluware Ransomware, just one more of these variants, was first observed on February 23, 2018, and studied by PC security researchers. The Baliluware Ransomware is typically delivered to victims through spam email messages, which contain a file attachment with embedded macro scripts that download and install the Baliluware Ransomware onto the victim's computer. Because of this, learning to handle spam email messages and unwanted file attachments safely is a crucial part of preventing attacks like the Baliluware Ransomware.

How the Baliluware Ransomware Carries out Its Attack

Once the Baliluware Ransomware is installed on the victim's computer, it will use a strong encryption algorithm to encrypt the victim's files. The Baliluware Ransomware will search for user-generated files, targeting a wide variety of file types while avoiding the Windows system files. This is because the Baliluware Ransomware requires Windows to remain functional so that the victim can read a ransom note and pay the ransom amount. The following are the file types that may be encrypted by the Baliluware Ransomware, as well as by other HiddenTear variants:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The Baliluware Ransomware will mark the files encrypted by its attack with the following file extension, which it will add to the file's name:

'.YOU-ARE-FUCKED-BY-BALILUWARE-(CODED-BY-HEROPOINT)'

There is nothing to differentiate the Baliluware Ransomware from the many other ransomware Trojans based on the HiddenTear platform. The Baliluware Ransomware does not deliver a ransom note after encrypting the victim's files, so there is no way for the victims of the Baliluware Ransomware attack to contact the cybercrooks or recover their files. This is just as well, since in most cases of ransomware Trojan infections the victims will not recover their files even after they make the ransom payment.

Protecting Your Data from the Baliluware Ransomware and Other HiddenTear Variants

The best protection against the Baliluware Ransomware and other ransomware Trojans that use a similar attack is to have file backups on the cloud or an external memory device, which is what malware experts advise computer users to do. Being able to restore the files from a backup means that victims do not need to pay a ransom, since it removes any leverage that the extortionists have to demand a ransom payment from the victim. Having file backups, combined with a reliable security program that is fully up-to-date, is the best protection against the Baliluware Ransomware and similar threats.
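The marker extension and the backup advice above can be combined into a recovery triage step. The following Python sketch is an added example, not code from this page or from any security product: it lists files carrying the marker extension, groups them by original file type, and checks which ones exist in a backup. It assumes the backup mirrors the directory layout of the scanned folder; the function names and the sample tree are constructed for illustration.

```python
"""Triage helper: scope Baliluware damage and check what a backup can restore."""
import os
import tempfile
from collections import Counter
from pathlib import Path

# Marker extension quoted on this page; the ransomware adds it to the file's name.
MARKER = ".YOU-ARE-FUCKED-BY-BALILUWARE-(CODED-BY-HEROPOINT)"


def find_marked(root):
    """Yield (marked_path, original_relative_path) for every marked file under root."""
    root = Path(root)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Compare in upper case because Windows file names are case-insensitive.
            if name.upper().endswith(MARKER) and len(name) > len(MARKER):
                marked = Path(dirpath) / name
                original = marked.with_name(name[: -len(MARKER)])
                yield marked, original.relative_to(root)


def triage(root, backup_root):
    """Return counts per original extension plus restorable / missing file lists."""
    by_ext, restorable, missing = Counter(), [], []
    for _marked, rel in find_marked(root):
        by_ext[rel.suffix.lower() or "(none)"] += 1
        # Assumption: the backup mirrors the directory layout of the scanned tree.
        in_backup = (Path(backup_root) / rel).is_file()
        (restorable if in_backup else missing).append(rel.as_posix())
    return {"by_ext": dict(by_ext), "restorable": sorted(restorable), "missing": sorted(missing)}


def demo():
    """Build a constructed sample tree (empty files only) and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = Path(tmp, "data"), Path(tmp, "backup")
        for rel in ("docs/report.docx" + MARKER, "docs/notes.txt", "pics/cat.jpg" + MARKER):
            (data / rel).parent.mkdir(parents=True, exist_ok=True)
            (data / rel).touch()
        (backup / "docs").mkdir(parents=True)
        (backup / "docs/report.docx").touch()
        return triage(data, backup)


if __name__ == "__main__":
    print(demo())
```

The script only reads directory listings, so it can be run against a mounted copy of the affected disk before anything is restored.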
