Bam! Ransomware

The Bam! Ransomware is an encryption ransomware Trojan. PC security researchers first observed the Bam! Ransomware in the last week of July of 2017. The Bam! Ransomware is being delivered to victims through the use of spam email messages, which will include corrupted file attachments that will download and install the Bam! Ransomware on the victim's computer.

The Bam! Ransomware Infection can’t be Prevented Before the Files’ Encryption

The Bam! Ransomware version that is circulating currently is not particularly sophisticated, and it is possible that this version of the Bam! Ransomware is an early version of a ransomware Trojan still in development. One of the reasons why it is suspected that the Bam! Ransomware is not a full version in its current state is that its encryption routine is not well executed particularly. The Bam! Ransomware will encrypt the victim's files after displaying the ransom note (instead of the opposite order, which does not give the victim the opportunity to prevent the encryption before it happens).

The Bam! Ransomware uses the AES encryption to make the victim's files inaccessible. The files encrypted by the Bam! Ransomware attack will be marked with the file extension '.bam!' which is added to the end of each affected file's name. Computer users can interrupt the Bam! Ransomware attack by rebooting the affected computer as soon as the ransom notification is displayed on the infected computer's screen. This is why most ransomware Trojans wait until the victim's files are encrypted to display the ransom note alerting the victim of the attack.

The Ransom Notification Displayed by the Bam! Ransomware

As with most ransomware Trojans, the Bam! Ransomware's goal is to encrypt the victim's files and then demand the payment of a ransom in exchange for the decryption key necessary to recover the affected files. The following is the full text of the Bam! Ransomware ransom note:

'Your files will be lost on:
[24H COUNTDOWN TIMER]
YOUR COMPUTER AND FILES ARE
ENCRYPTED
Encryption was made with special crypto-code!
There are NO CHANCE to decrypt it without our
special software and your unique private key!
To buy software. You need to contact us by Email
1. abc@xyz.com
2. acc@xyz.com'

If computer users reboot their computers into Safe Mode and disable its Internet connection, this will stop the Bam! Ransomware from carrying out its encryption routine. In fact, if computer users are fast enough, it is unlikely that the Bam! Ransomware will encrypt more than a couple of files. Apart from this flaw in the Bam! Ransomware's code, however, the Bam! Ransomware does use a strong encryption method, and the files encrypted by the Bam! Ransomware attack are not recoverable using traditional means. Make sure that you have file backups, which are the best protection against ransomware Trojans like the Bam! Ransomware since they take away any power the con artists have to demand ransom payments after encrypting victims' files.

Dealing with a Bam! Ransomware Attack

While this method will not work with most ransomware Trojans, rebooting the computer immediately after the Bam! Ransomware's ransom note is displayed will stop this threat from carrying out its encryption method. The Bam! Ransomware may be linked to a backdoor Trojan or other security issues on the infected computer. This is why PC security researchers strongly advise computer users to scan their computers with a reliable, fully updated anti-malware application after removing the Bam! Ransomware Trojan itself. Take preventive measures and have a reliable backup system to ensure that these attacks are not the end of the world. Since threats like the Bam! Ransomware may invade a computer using corrupted spam email attachments, the best protection against these threats is to use a reliable anti-spam filter and learn how to handle these email messages and attachments responsibly.