
BaYuCheng@yeah.net Ransomware

By GoldSparrow in Ransomware

The BaYuCheng@yeah.net Ransomware is an encryption ransomware Trojan that appears to be a recent variant of the XiaoBa Ransomware, a ransomware family released in the final months of 2017. The BaYuCheng@yeah.net Ransomware was first observed on February 27, 2018, and is nearly identical to previous versions in this threat family; the only differences are slight modifications to the way the BaYuCheng@yeah.net Ransomware obfuscates its attack and to its file structure. The BaYuCheng@yeah.net Ransomware attack is typical of these ransomware threats: it takes the victims' files hostage and demands a ransom payment in exchange for the decryption key needed to restore the files compromised by the attack. The BaYuCheng@yeah.net Ransomware is delivered to victims as an email attachment, commonly in fake email messages that impersonate shipping companies, social media platforms or other legitimate sources.

How the BaYuCheng@yeah.net Ransomware Trojan Attacks a Computer

The BaYuCheng@yeah.net Ransomware uses AES-256 encryption to make the victims' files inaccessible. The BaYuCheng@yeah.net Ransomware targets user-generated files in its attack, attempting to make files such as databases, spreadsheets, text documents, videos, audio, photos, and numerous others inaccessible to the victim. The BaYuCheng@yeah.net Ransomware's goal is to take the victim's files hostage until the victim pays a ransom. The following are the types of files that are typically encrypted by ransomware attacks like the BaYuCheng@yeah.net Ransomware:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.

The BaYuCheng@yeah.net Ransomware may skip certain file types that are often targeted by other encryption ransomware Trojans. The BaYuCheng@yeah.net Ransomware will mark the files encrypted by the attack, adding the file extension '.Encrypted[BaYuCheng@yeah.net].XiaBa' to each affected file's name.

How the Cybercrooks may Profit from Attacks Like the BaYuCheng@yeah.net Ransomware

The BaYuCheng@yeah.net Ransomware's main purpose is to generate profits at the expense of the victim. The BaYuCheng@yeah.net Ransomware displays a program window created by an HTA file named '_XiaoBa_Info_.hta,' which is dropped onto the victim's computer after the files are encrypted. The BaYuCheng@yeah.net Ransomware delivers a ransom note to the victim, which is typical of these attacks, and the note seems to imitate the one delivered by the Globe family of ransomware, a well-known variety of encryption ransomware Trojans. The BaYuCheng@yeah.net Ransomware's ransom note is identical to that of previous variants of this attack; only the email address contained in the BaYuCheng@yeah.net Ransomware's file extension changes. The cybercrooks ask the victims to pay for a 'XiaoBa Decryptor' and ask them to communicate with the cybercrooks via a QQ number (3047861776). QQ is a popular social network in China that allows users to carry out money transactions.
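As an added defender-side triage example (not code from the original article or from the malware itself), the following Python script walks a directory tree looking for the two artifacts described above: files carrying the '.Encrypted[BaYuCheng@yeah.net].XiaBa' marker and the dropped '_XiaoBa_Info_.hta' note. Because only the email address in the marker changes between XiaoBa variants, the script captures that email for attribution and recovers each affected file's original extension. The directory contents it scans are constructed inline; the regular expression and the `demo()` helper are this example's own assumptions.

```python
import re
import tempfile
from pathlib import Path

# Marker this XiaoBa variant appends: '<name>.Encrypted[<contact email>].XiaBa'.
# Only the email changes between variants, so it is captured for attribution.
MARKER_RE = re.compile(r"^(?P<original>.+)\.Encrypted\[(?P<email>[^\]]+)\]\.XiaBa$")
RANSOM_NOTE = "_XiaoBa_Info_.hta"  # HTA file dropped after encryption


def parse_encrypted_name(name):
    """Return (original filename, contact email) for a marked file, else None."""
    m = MARKER_RE.match(name)
    return (m.group("original"), m.group("email")) if m else None


def triage_directory(root):
    """Walk a tree and summarise evidence of a XiaoBa-style encryption run."""
    summary = {"encrypted_files": 0, "emails": set(), "by_ext": {}, "ransom_notes": []}
    for path in Path(root).rglob("*"):
        if path.name == RANSOM_NOTE:
            summary["ransom_notes"].append(str(path.relative_to(root)))
            continue
        parsed = parse_encrypted_name(path.name)
        if parsed is None:
            continue  # untouched file (or a type the variant skipped)
        original, email = parsed
        summary["encrypted_files"] += 1
        summary["emails"].add(email)
        ext = Path(original).suffix.lower() or "(none)"
        summary["by_ext"][ext] = summary["by_ext"].get(ext, 0) + 1
    return summary


def demo():
    """Build a constructed sample tree (placeholder content, no real malware) and triage it."""
    names = [
        "report.docx.Encrypted[BaYuCheng@yeah.net].XiaBa",
        "photo.jpg.Encrypted[BaYuCheng@yeah.net].XiaBa",
        "backup/db.sql.Encrypted[BaYuCheng@yeah.net].XiaBa",
        "readme.txt",  # untouched file, must not be counted
        RANSOM_NOTE,
    ]
    with tempfile.TemporaryDirectory() as tmp:
        for n in names:
            p = Path(tmp, n)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("constructed sample content")
        return triage_directory(tmp)
```

Running `demo()` on the constructed tree reports three encrypted files (.docx, .jpg, .sql), one contact email and one ransom note; pointing `triage_directory()` at a real share gives an incident responder a quick scope of what was hit and which variant did it.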

Dealing with the BaYuCheng@yeah.net Ransomware

PC security researchers ask computer users to refrain from paying the BaYuCheng@yeah.net Ransomware ransom or contacting the extortionists responsible for this attack. Apart from there being no guarantee that the cybercrooks will deliver the decryption key or help victims recover from the attack, paying these ransoms allows third parties to continue developing and releasing new ransomware variants. Malware researchers' solution to this situation is the use of file backups and a reliable, fully up-to-date security program, which together ensure that users' data is safe from threats like the BaYuCheng@yeah.net Ransomware.
