BatHelp@protonmail.com Ransomware

By GoldSparrow in Ransomware

The 'BatHelp@protonmail.com' Ransomware is an encryption ransomware Trojan that is related to the Matrix Ransomware, a previously observed ransomware threat. The 'BatHelp@protonmail.com' Ransomware was first observed on July 31, 2018, and is nearly identical to the previous version of this threat. It is crucial to protect your computer from threats like the 'BatHelp@protonmail.com' Ransomware.

How the 'BatHelp@protonmail.com' Ransomware Attacks a Computer

The 'BatHelp@protonmail.com' Ransomware is delivered to the victim's computer through a spam email message containing an embedded malicious macro that downloads and installs the 'BatHelp@protonmail.com' Ransomware onto the victim's computer. Once the 'BatHelp@protonmail.com' Ransomware has been installed, it targets user-generated files, using a strong encryption algorithm to make them inaccessible. Threats like the 'BatHelp@protonmail.com' Ransomware target the following file types in their attacks:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.

The 'BatHelp@protonmail.com' Ransomware renames the targeted files with the addition of the string '[BatHelp@protonmail.com].-.CORE' to the end of the files' names. The 'BatHelp@protonmail.com' Ransomware delivers a ransom note in the form of an RTF file named '#CORE_README#.rtf' dropped on the infected computer's desktop. The 'BatHelp@protonmail.com' Ransomware has been associated with several ransom notes, including the following:

'HOW TO RECOVER YOUR FILES INSTRUCTION
ATENTION!!!
We are really sorry to inform you that ALL YOUR FILES WERE ENCRYPTED by our automatic software. It became possible because of bad server security.
ATENTION!!!
Please don't worry, we can help you to RESTORE your server to original state and decrypt all your files quickly and safely!
INFORMATION!!!
Files are not broken!!! Files were encrypted with AES-128+RSA-2048 crypto algorithms. There is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automatically DELETED
AFTER 7 DAYS! You will irrevocably lose all your data! ' Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!
Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.
HOW TO RECOVER FILES???
Please write us to the e-mail (write on English or use professional translator): AskHelp@protonmail.com
AskHelp@tutanota.com
AskHelp@india.com
You have to send your message on each of our 3 emails due to the fact that the message may not reach their intended recipient for a variety of reasons!
In subject line write your personal ID:
[random characters]
We recommend you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files.
Please note that files must not contain any valuable information and their total size must be less than 5Mb.
OUR ADVICE!!!
Please be sure that we will find common language. We will restore all the data and give you recommendations how to configure the protection of your server.
We will definitely reach an agreement;] !!!
ALTERNATIVE COMMUNICATION
If you did not receive the answer from the aforecited emails for more then 24 hours please send us Bitmessages from a web browser through the webpage hxxps://bitmessage[.]me. Below is a tutorial on how to send bitmessage via web browser:
1. Open in your browser the link hxxps://bitmse[.]me/users/sign_up and make the registration by entering name email and password.
2. You must confirm the registration, return to your email and follow the instructions that were sent to you.
3. Return to site and click "Login" label or use link hxxps://bitmse[.]me/users/sign_in, enter your email and password and click the "Sign in" button.
4. Click the "Create Random address' button.
5. Click the "New massage" button.
6. Sending message: To: Enter address: BM-[random characters]
Subject: Enter your ID:
In Message: Describe what you think necessary.
Click the "Send message' button.'

Dealing with the 'BatHelp@protonmail.com' Ransomware Infections

If the 'BatHelp@protonmail.com' Ransomware has compromised your files, the advice from malware researchers is to use file backups to replace any compromised files. A reputable anti-malware product can stop the 'BatHelp@protonmail.com' Ransomware from being installed. It is also necessary to learn to recognize and deal with the spam email attachments and hoaxes often used to deliver the 'BatHelp@protonmail.com' Ransomware.
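To scope a restore from backup, the two indicators described above (the appended file marker and the ransom note name) can be used to inventory an affected directory tree. The following is an added example, not code from the original article; it assumes, as the article states, that the marker is appended to the existing file name, it matches case-insensitively, and the sample file names in demo() are constructed.

```python
import os
import tempfile
from collections import Counter

# Indicators quoted on this page.
SUFFIX = "[BatHelp@protonmail.com].-.CORE"
NOTE_NAME = "#CORE_README#.rtf"


def classify(name):
    """Return ('note', None), ('encrypted', original_name) or ('clean', None)."""
    if name.lower() == NOTE_NAME.lower():
        return "note", None
    if name.lower().endswith(SUFFIX.lower()) and len(name) > len(SUFFIX):
        return "encrypted", name[: -len(SUFFIX)]
    return "clean", None


def triage(root):
    """Walk root and summarise which files carry the marker and where notes sit."""
    report = {"encrypted": [], "notes": [], "by_ext": Counter(), "clean": 0}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind, original = classify(name)
            path = os.path.join(dirpath, name)
            if kind == "note":
                report["notes"].append(path)
            elif kind == "encrypted":
                report["encrypted"].append((path, original))
                # Count by original extension to see which data types need restoring.
                report["by_ext"][os.path.splitext(original)[1].lower() or "(none)"] += 1
            else:
                report["clean"] += 1
    return report


def demo():
    """Run triage over a constructed sample tree (file names are made up)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Desktop"))
        os.makedirs(os.path.join(root, "Documents"))
        for rel in ("Desktop/" + NOTE_NAME, "Desktop/notes.txt", "Documents/report.docx",
                    "Documents/budget.xlsx" + SUFFIX, "Documents/scan.PDF" + SUFFIX.upper()):
            open(os.path.join(root, *rel.split("/")), "w").close()
        r = triage(root)
        return len(r["encrypted"]), len(r["notes"]), r["clean"], dict(r["by_ext"])


if __name__ == "__main__":
    print(demo())
```

Run triage() against a read-only mount or a copy of the affected volume; the per-extension counts show which backup sets need to be pulled.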