BananaCrypt Ransomware

The BananaCrypt Ransomware is an encryption ransomware Trojan that was first observed on February 19, 2018. The BananaCrypt Ransomware functions in a manner that is nearly identical to most encryption ransomware Trojans. The BananaCrypt Ransomware takes the victim's files hostage in an attempt to extract a ransom payment to return access to the affected files. Ransomware Trojans like the BananaCrypt Ransomware are significant threats so that computer users need to take steps to protect their data from these threats.

How Threats Like the BananaCrypt Ransomware may be Distributed

The BananaCrypt Ransomware favored distribution method is through the use of corrupted email attachments. The cybercrooks will send out spam email messages with damaged attached Microsoft Word files. These files contain embedded macro scripts that download and install the BananaCrypt Ransomware onto the victim's computer. Threats like the BananaCrypt Ransomware can be delivered in a variety of other ways, including hacking into the victims' computers directly, through fake file downloads or unsafe online ads.

How the BananaCrypt Ransomware Carries out Its Attack

Once the BananaCrypt Ransomware is installed, the BananaCrypt Ransomware will scan the victim's computer for file types with certain extensions. The BananaCrypt Ransomware searches for the user-generated files, which may include texts, images, videos, audio, databases, and numerous others, usually limited only by the file size. The BananaCrypt Ransomware will use a strong encryption algorithm to make these files inaccessible, and rename them by adding the file extension '.bananaCrypt' to the file's name. The following are some of the file types that will usually be compromised by the BananaCrypt Ransomware attack:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The BananaCrypt Ransomware’s Ransom Demand

Once the BananaCrypt Ransomware has finished encrypting the victim's files, the BananaCrypt Ransomware will deliver its ransom note. The BananaCrypt Ransomware will display a program window on the infected computer that contains the following short message:

'Open readme.txt on your desktop and agree with the instructions to decrypt your files.'

The 'ReadMe.txt' file dropped on the infected computer's Desktop, contains the following ransom demand:

'!!!What happened!!!!
Your files have been decrypted using a unique key, generated for this computer
Send 300 USD worth of bitcoin to the address below to obtain your key to decrypt your files
Address: asdffdsaasdf
Dont waste your time looking for a way to decrypt your files. This is only possible using our decrypter'

It is clear that the BananaCrypt Ransomware is unfinished since it seems that its victims do not have an actual way of contacting the cybercrooks or making the ransom payment mentioned in the note. However, the BananaCrypt Ransomware is capable of compromising victims' files and, once these have been encrypted they, unfortunately, become unrecoverable.

Protecting Your Data from Threats Like the BananaCrypt Ransomware

It is indispensable that computer users take steps to protect their data from threats like the BananaCrypt Ransomware. The best protection against the BananaCrypt Ransomware and similar threats is to have file backups on an unmapped memory device. These, coupled with a reliable security program that is fully up-to-date, can help protect computer users from threats like the BananaCrypt Ransomware.