
Basilisque Ransomware

By GoldSparrow in Ransomware

The Basilisque Ransomware, also known as "Basilisque Locker," is highly effective ransomware that tries to encrypt a user's data and demands a ransom in return for unlocking it. The Basilisque Ransomware differs slightly from other ransomware in that it targets servers rather than regular home computers. Server machines can be higher-value targets because they are usually used for commercial purposes rather than home computing needs and, as such, hold more valuable data. The Basilisque Ransomware encrypts files on the system, renames them with a random string, and adds the extension ".basilisque@protonmail_com." For example, "abc.xyz" would become "BaldsfjKJ@#&sdljf23hj.basilisque@protonmail_com." It also drops a ransom note on the desktop and in affected folders. This file is usually called "HOW_TO_DECRYPT.txt."
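A triage sketch for the file-system indicators described above (an added example, not part of the original entry): it walks a directory tree, counts files carrying the ".basilisque@protonmail_com" extension, records which folders hold "HOW_TO_DECRYPT.txt", and reports the oldest modification time among renamed files. The function names and the sample tree are constructed for illustration, and treating that timestamp as a rough guide for choosing a backup restore point is an assumption.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

# Indicators taken from the description above; both compared case-insensitively.
ENCRYPTED_SUFFIX = ".basilisque@protonmail_com"
RANSOM_NOTE_NAME = "how_to_decrypt.txt"

def scan_tree(root):
    """Walk root and summarise Basilisque file-system indicators per directory."""
    hits = defaultdict(lambda: {"encrypted": 0, "note": False})
    earliest = None  # oldest mtime among renamed files (assumed triage heuristic)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()
            if lowered.endswith(ENCRYPTED_SUFFIX):
                hits[dirpath]["encrypted"] += 1
                try:
                    mtime = os.stat(os.path.join(dirpath, name)).st_mtime
                except OSError:
                    continue  # file vanished or unreadable: keep the count only
                earliest = mtime if earliest is None else min(earliest, mtime)
            elif lowered == RANSOM_NOTE_NAME:
                hits[dirpath]["note"] = True
    when = None
    if earliest is not None:
        when = datetime.fromtimestamp(earliest, tz=timezone.utc)
    return {
        "directories": dict(hits),  # only directories with at least one indicator
        "encrypted_total": sum(d["encrypted"] for d in hits.values()),
        "note_dirs": sorted(p for p, d in hits.items() if d["note"]),
        "earliest_mtime": when,
    }

def build_sample_tree(base):
    """Create a constructed sample tree (empty files only) for a dry run."""
    share, clean = os.path.join(base, "share"), os.path.join(base, "clean")
    for path in (share, clean):
        os.makedirs(path)
    for name in ("BaldsfjKJ@#&sdljf23hj.basilisque@protonmail_com",
                 "Qx81zz.BASILISQUE@PROTONMAIL_COM", "HOW_TO_DECRYPT.txt"):
        open(os.path.join(share, name), "w").close()
    open(os.path.join(clean, "report.docx"), "w").close()
    return share, clean

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        print(scan_tree(base))
```

Run it read-only against a mounted copy or snapshot of the affected volume rather than the live system, so the scan does not alter timestamps or other evidence.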

How the Basilisque Ransomware is Distributed

The Basilisque Ransomware is distributed using standard delivery techniques like spam email campaigns, fake download sites, corrupted files bundled with torrents and infected email attachments. Once a system is compromised, the ransomware uses RSA encryption methods to encrypt the data. This encryption technique requires a unique key, without which decryption is impossible. The ransom note reproduced below describes the encryption as AES cbc-128.
The attackers demand a ransom of between $100 and $500. The ransom note is unusual in that it offers to decrypt single files for free as proof, but each file decrypted this way adds $25 to the ransom demanded. It also claims that the decryption key will be deleted after a while, which would mean that the encrypted files could never be recovered.

Sample Ransom Note
'What happened to your files ?
All of your files were protected by a strong encryption with AES cbc-128 using Basilisque Locker!
What does this mean ?
This means that the structure and data within your files have been irrevocably changed,
you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.
The encryption key and ID are unique to your computer, so you are guaranteed to be able to return your files.
Your unique id: -
Date of encrypt: -
What do I do ?
You can buy decryptor from us!
How much is it?
In first 24 hours after encryption - 100$
In three days - 150$
In 12 days - 250$
After(if it is still possible*) - 500$
But if you want to decrypt few files as a test check the price will be increased by $ 25 for every single file. (This is described in more detail below in FAQ p.3)
*We can delete keys as time passes.

How to buy?
1. First buy the bitcoins for the right amount. How to do this is written below.
2. Contact us by email usernamus@protonmail.com . Specify your ID in the subject.
3. You will get bitcoin wallet to pay.
4. Send bitcoins to wallet address from email(how to buy bitcoins read below in FAQ p.4)
5. When you pay, write to us again(don't forget to enter your ID in the subject of letter if you start new conversation)
6. You will get decryptor and instructions for it after you payment get 1 confirmation on blockchain
(this usually takes about 1 hour, but sometimes(rarely) it can take up to 24 hours).
7. If you don't get reply in 24 hours after you get payment or after 4 hours after you payment get confirmation or after 4 hours after first message(wallet ask) please contact us one of different ways listed in FAQ(2 part).
FAQ:
1.How much time do I have to pay for decryption?
You have 12 days to pay after you files was encrypted. Maybe after that you can also buy the decryptor, but maybe not, cause keys could be deleted after some time since the end of the term.
But remember - The faster you pay, the cheaper it will be.
The number of bitcoins for payment you can calc here hxxps://www.coingecko.com/en/coins/bitcoin
Keep in mind that some exchangers delay payment for 1-3 days!** Also keep in mind that Bitcoin is a very volatile currency, its rate can change very quickly. Therefore, we recommend that you make payment within a few hours.
But if you are mistaken for a couple of dollars - no big deal.
**In that case you can ask for discount(If exchanger caused a delay in payment.). For this you need to write to us immediately after you have learned about it and provide screenshots confirming your exchange
2.How to contact you?
a) Main contact is email - basilisque@protonmail.com . (Backup option: basilisque@secmail.pro )
b) Second contact is bitmessage ( hxxps://bitmessage.org/wiki/Main_Page ) - BM-NBaT69FJpQ2V8FVskyw7RdJ5FPvnRtcZ
Email is fastest, but bitmessage is the most reliable.
If you not get answer after 4 hours after first message(wallet ask) please use another contact. This may be cause email is dead. But we are sure that nothing will happen with bitmessage and you can get an answer there anyway.
3.What are the guarantees that I can decrypt my files after paying the ransom?
We can decrypt some test files for you if you don't believe us.
But it will raise the amount of ransom by $25 for every decrypted file and maximum time to pay will be decreased from 12 to 3 days. If you don't pay in 3 days, than you ransom will be increased to 500$ or keys will be deleted.
Important! The size of each file must be less than 5mb.
You will get uncrypted files back in few hours.
After this procedure you can make sure that we can decrypt all your files after paying the ransom.
We have no reason to deceive you after receiving the ransom, since we are not barbarians and moreover it will harm our business.
A few examples:
a)You paying in first 24 hours(100$) after encryption and don't want decrypt test files = 100$
b)You paying on 2nd(150$) day after ecryption and want to decrypt 1 test file(25$) = 175$
c)You paying on 4th(250$) day after encryption and want to decrypt 2 test file(25$*2) = 300$
d)You paying on 13th(500$) day after encryption(if it possible) and want to decrypt 3 test files(25$*3) = 575$

4.How do I pay the ransom?'

Protecting Yourself from the Basilisque Ransomware

Always make sure you know the source of any file downloaded from the Internet or received as an email attachment. Even if the attachment is in an email from a friend, check that the address matches and that the attachment fits the context of the email. Malware can attach files to an email without the sender realizing it. Most email providers will mark a suspicious email as spam, or refuse to send or receive it at all. There are many methods you can employ to protect yourself from malware or ransomware. However, no matter how diligently you protect your data, there is always a risk of infection. This is why it is important that all your files are backed up regularly. If you work with files that are extremely sensitive, you should consider backing them up in the cloud (which makes multiple copies of every file), or even on a physical disk kept on a separate network or in a separate location altogether. Malware can also be included with torrents. Therefore, any executable files they may contain shouldn't be downloaded or opened.

My Device Has Been Infected. What do I do Now?

While a lot of tools purport to be able to remove malware or even decrypt encrypted data, usually this is nearly impossible to achieve. Anti-virus and anti-malware tools are updated almost daily to be able to recognize and delete the infected files, but there is always a risk that a file may be missed and manage to spread the malware again. Almost no "decryptor" tools ever work, since the encryption methods employed usually rely on a secret key, without which it is impossible to decrypt the files. You can find these tools through a Google search, but any tool you download from the Internet should come from a reputable anti-virus company. Installing an application that can change or erase files can bring more parasites to your system.

NEVER agree to pay a ransom or make contact with the criminals. There is very little chance that an attacker will help bring your data back. They may ask for more money or disappear if you pay them.
