bDAT Ransomware

Cybersecurity researchers are warning users and organizations about another variant belonging to the infamous Dharma Ransomware family, named the bDAT Ransomware, which could be deployed as part of attack operations. Ransomware threats are designed specifically to lock the data found on the systems they infect. These threats typically utilize uncrackable cryptographic algorithms to ensure that all locked files will be impossible to recover without the victims buying the proper decryption keys.

The names of the encrypted files will be modified by the threat. First, the bDAT Ransomware will append to them an ID string created for the particular victim. Next, the threat will add the 'bkpdata@msgsafe.io' email address. Finally, '.bDAT' will be placed as a new file extension. Two ransom-demanding messages will be dropped on the breached devices. One will be delivered as a text file named 'info.txt,' while the other will be shown as a pop-up window.

The instructions found inside the text file are extremely brief, just telling victims to contact either the 'bkpdata@msgsafe.io' or the 'bkpdata@onionmail.org' email address. The pop-up window contains a longer message, but it also fails to provide many important details. The note mainly reiterates the same two email addresses, while also including a section with various warnings.
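The renaming order and the 'info.txt' note described above can be turned into a quick triage check over a file listing. The following is an added example, not code from the original page or from any vendor tool; the function names and the sample paths are constructed, and the separators shown around the ID and email address are an assumption, since the page gives only their order.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators taken from the description above.
RENAME_EMAIL = "bkpdata@msgsafe.io"
CONTACT_EMAILS = (RENAME_EMAIL, "bkpdata@onionmail.org")
NOTE_NAME = "info.txt"

# The page gives the order (ID, email, '.bDAT') but not the separators,
# so match on order only: <name+ID> <email> <optional punctuation> .bDAT
RENAMED = re.compile(r"^.+" + re.escape(RENAME_EMAIL) + r"\W*\.bdat$", re.IGNORECASE)


def is_renamed(filename):
    """True if a bare file name follows the bDAT renaming order."""
    return RENAMED.match(filename) is not None


def note_mentions_contacts(text):
    """True if note text names one of the two contact addresses."""
    return any(addr in text.lower() for addr in CONTACT_EMAILS)


def triage(paths):
    """Map each directory holding renamed files to its count and note presence.

    'info.txt' is a common name, so a directory with only the note is not reported.
    """
    stats = defaultdict(lambda: {"encrypted": 0, "note": False})
    for raw in paths:
        path = PureWindowsPath(raw)
        entry = stats[str(path.parent)]
        if is_renamed(path.name):
            entry["encrypted"] += 1
        elif path.name.lower() == NOTE_NAME:
            entry["note"] = True
    return {d: s for d, s in stats.items() if s["encrypted"]}


# Constructed listing; the '.id-XXXXXXXX.[email]' separators are an assumption.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\report.docx.id-1A2B3C4D.[bkpdata@msgsafe.io].bDAT",
    r"C:\Users\alice\Documents\budget.xlsx.id-1A2B3C4D.[bkpdata@msgsafe.io].bDAT",
    r"C:\Users\alice\Documents\info.txt",
    r"D:\share\photo.jpg.id-1A2B3C4D.[bkpdata@msgsafe.io].bdat",
    r"C:\Tools\info.txt",
]

if __name__ == "__main__":
    for directory, summary in triage(SAMPLE_LISTING).items():
        print(directory, summary)
```

The per-directory counts give a first estimate of how far the encryption reached before the host was isolated.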

The ransom note of the bDAT Ransomware is:

'YOUR FILES ARE ENCRYPTED

1024

Don't worry, you can return all your files!
If you want to restore them, write to the mail: bkpdata@msgsafe.io YOUR ID
If you have not answered by mail within 12 hours, write to us by another mail:bkpdata@onionmail.org

ATTENTION!

We recommend you contact us directly to avoid overpaying agents

Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

The text file delivers the following message:

'all your data has been locked us
You want to return?
write email bkpdata@msgsafe.io or bkpdata@onionmail.org'
