BASS-FES Ransomware
The BASS-FES Ransomware is an encryption ransomware Trojan that belongs to the HiddenTear family of ransomware. HiddenTear is an open source ransomware platform that was released in 2015. Since its initial release, there have been countless variants of HiddenTear, all of them carrying out effective ransomware attacks onto their victims. These infections are designed to take victims' files hostage, encrypting the victim's files with a powerful encryption method and then demanding the payment of a ransom in exchange for the decryption key necessary to restore the affected files. Like most encryption ransomware Trojans active today, the BASS-FES Ransomware is typically delivered to victims through corrupted spam email attachments.
Table of Contents
The BASS-FES Ransomware can Affect Your Most Necessary Files
The BASS-FES Ransomware was first observed on November 17, 2017, being distributed through corrupted email attachments. These files used macro scripts that download and install the BASS-FES Ransomware onto the victim's computer. Once installed, the BASS-FES Ransomware uses a combination of the AES and RSA encryption to make the victim's files completely inaccessible. Once the BASS-FES Ransomware encrupts a file, it cannot be restored without the decryption key, which the cybercrooks hold in their possession. The BASS-FES Ransomware targets the files that are associated with commonly used software or that are user-generated, while avoiding the Windows system files. Examples of the files types that may be targeted by ransomware Trojans like the BASS-FES Ransomware include:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
The BASS-FES Ransomware adds the file extension '.basslock' to the files it encrypts, which will be added to the end of each encrypted file's name.
How the BASS-FES Ransomware Demands a Ransom Payment
The BASS-FES Ransomware delivers a ransom note demanding payment from the victim after encrypting the victim's files. To do this, the BASS-FES Ransomware drops a text file on the victim's desktop. This file, named 'BASS File Encryption Service Notice.txt' contains the following text:
'File Recovery Notice by BitchASS File Encryption System (BASS-FES)
Your files have been successfully encrypted and backuped in the cloud storage by BASS File Encryption System.
If you want to recover your files, please send 1 BTC to the following adress:
[RANDOM CHARCTERS]
If you sent 1 BTC to the adress, email at bitchasshole@protonmail.com with your Bitcoin adress.
The ransom amount that the BASS-FES Ransomware demands, 1 Bitcoin, is equivalent to approximately 8,200 USD currently. Infected computer users should avoid negotiating with the cybercrooks, paying the ransom, or contacting them to the email address mentioned in tactic BASS-FES Ransomware ransom message.
Dealing with the BASS-FES Ransomware
Unfortunately, the BASS-FES Ransomware uses a highly secure encryption method, and the files encrypted by the BASS-FES Ransomware and similar threats cannot be restored without the decryption key. Computer users that want to protect themselves and their machines against the BASS-FES Ransomware and similar threats should have file backups on secure locations, outside the infected computer. Preventive measures can help make sure that the affected files can be restored after an attack. A security program that is fully up-to-date combined with file backups is the best way to deal with threats like the BASS-FES Ransomware, as well as the countless other encryption ransomware Trojans active today.
