Basn Ransomware
The Basn malicious threat has been identified as a type of malware known as ransomware by infosec researchers. Ransomware is a type of malware that encrypts data and demands payment of a ransom in exchange for decryption.
If Basn Ransomware manages to successfully infiltrate a victim's device, it will initiate an encryption process that will impact most of the files stored on the system. In addition, the threat will append their original filenames with a '.basn' extension. For instance, a file named '1.doc' would become '1.doc.basn' after encryption, while '2.png' would become '2.png.basn,' and so on.
The ransomware then delivers a ransom note titled 'unlock your files.txt' and drops it onto the desktop of the breached device. The content of the message indicated that the Basn Ransomware is designed to target business entities rather than individual home users.
Basn Ransomware Takes Victims' Data Hostage
The victims of a ransomware attack are notified through a ransom note that their company network has been compromised and their files have been encrypted. The ransom note also indicates that sensitive data has been exfiltrated from their system. This indicates that the threat actors a running a double-extortion operation in order to maximize the pressure on the victims to pay the demanded ransom. The attackers state that the ransom payment must be made in Bitcoin or Monero cryptocurrency. In exchange, they will supposedly provide the impacted entities with a decryption tool for the affected files and won't release the stolen data to the public.
Based on extensive research into ransomware attacks, it has been found that in most cases, decryption without the assistance of the attackers is unlikely. Exceptions exist only in instances where the ransomware threat itself is flawed. Even if the ransom payment is made, victims often do not receive the decryption keys or tools to recover their data. Therefore, it is strongly advised against paying the ransom as there is no guarantee of data recovery, and it only encourages criminal activities.
Steps To Prevent Ransomware Threats like Basn Ransomware from Locking Your Data
Stopping ransomware threats from encrypting data is a critical aspect of protecting against these attacks. The first and most important step that users can take is to implement preventive measures, such as maintaining strong security practices, keeping software up to date, and limiting the use of administrator privileges.
Users can also minimize their attack surface by limiting their network and data access to only necessary and authorized parties. Regularly backing up data and storing it in a secure and isolated location is also essential, as it enables users to recover their data if the ransomware encrypts the original files.
Furthermore, users should be wary of suspicious emails, attachments, and links, as these are common attack vectors for ransomware. It is crucial to avoid clicking on links or downloading attachments from unknown or untrusted sources, as these may contain malware that can infect the system.
In summary, to prevent ransomware attacks from encrypting data, users need to implement a combination of security measures, keep their software up to date, limit their network and data access, regularly back up their data, and exercise caution when interacting with suspicious emails and links.
The full text of the ransom message delivered by Basn Ransomware is:
Hello, your company's computer is encrypted by me, and the database and data are downloaded. If you do not want me to disclose these materials, you must pay me a ransom. After receiving the ransom, I will delete all downloaded files and help you decrypt your computer, otherwise If we do, we will disclose these materials and your company will face unprecedented repercussions.
We only work for money and do not destroy your network, and we are very honest. After receiving the ransom, we will also provide you with information about the vulnerability of your system to help you fix the vulnerability to avoid re-attacks.
If you doubt our ability to decrypt files, you can send me some encrypted files and I will decrypt them to prove it.
Please pay the ransom in Bitcoin or Monero.
Please use TOX to contact me or email me.
Email:DavidTIzzo@dnmx.org
TOX:F2274FB1619F122E2B8005C3CC6F63215D4DC6E E6E3937278BA6CE1A199F5A0F5A8E248BF5BE
TOX Download:hxxps://tox.chat/download.html
