'.Bear File Extension' Ransomware

By GoldSparrow in Ransomware

The '.Bear File Extension' Ransomware is an encryption ransomware Trojan that was first observed on November 16, 2018. The first reported attacks associated with the '.Bear File Extension' Ransomware took place in Italy and Brazil. The '.Bear File Extension' Ransomware seems to have been developed as a hybrid of Dharma 2017 and Crysis, two ransomware families that were combined in a string of ransomware attacks that took place in the fall of 2018.

Why You Should Avoid Being Infected by the '.Bear File Extension' Ransomware

The '.Bear File Extension' Ransomware, like its many predecessors, will encrypt the victim's files and demand a ransom payment. Typically, the '.Bear File Extension' Ransomware is delivered to the victim's computer using corrupted spam email attachments, commonly in the form of DOCX files with embedded macro scripts. The '.Bear File Extension' Ransomware targets user-generated files in these attacks, including a wide variety of media files, document types and databases. Examples mentioned by security experts of the files that threats like the '.Bear File Extension' Ransomware target in these attacks include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

PC security researchers uncovered several variants in this tactic throughout 2018, all carrying out the same basic attack. The '.Bear File Extension' Ransomware delivers its ransom note in the form of a text file named 'FILES ENCRYPTED.txt', which contains the following message for the victim of the '.Bear File Extension' Ransomware attack:

'all your data has been locked us
You want to return?
write email grizzly@airmail.cc'

When the '.Bear File Extension' Ransomware encrypts the files, they become completely unusable, and their names are scrambled and replaced with random characters, the '.Bear File Extension' Ransomware's contact email address and the file extension '.bear'.
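
The indicators described above (the '.bear' extension, the contact address in the file name and the 'FILES ENCRYPTED.txt' note) can be used to scope how far an infection has spread across a drive or file share. The following triage script is an added example, not part of the original article; the exact layout of renamed files is an assumption, so it matches only on the extension and reports separately whether the contact address appears in the name, and the sample tree it builds is constructed test data.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article text.
NOTE_NAME = "FILES ENCRYPTED.txt"
EXTENSION = ".bear"
CONTACT = "grizzly@airmail.cc"


def triage(root):
    """Return (encrypted, notes, per_dir) for everything under root."""
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == NOTE_NAME.lower():
                # Confirm the note by content, not just by its name.
                with open(path, "r", errors="replace") as fh:
                    confirmed = CONTACT in fh.read(4096).lower()
                notes.append((path, confirmed))
            elif lower.endswith(EXTENSION):
                # Second field: does the name also carry the contact address?
                encrypted.append((path, CONTACT in lower))
                per_dir[dirpath] += 1
    return encrypted, notes, per_dir


def build_sample_tree(root):
    """Constructed sample data: empty files whose names mimic the pattern."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    names = ["a8Kq2x.grizzly@airmail.cc.bear", "Zp0LmW.grizzly@airmail.cc.BEAR",
             "report.docx", "teddy.bear.png"]  # last two must not be flagged
    for name in names:
        open(os.path.join(docs, name), "w").close()
    with open(os.path.join(root, NOTE_NAME), "w") as fh:
        fh.write("all your data has been locked us\nwrite email grizzly@airmail.cc\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        encrypted, notes, per_dir = triage(tmp)
        for directory, count in per_dir.most_common():
            print(f"{count:4d} .bear files in {directory}")
        for path, confirmed in notes:
            print(f"ransom note: {path} (contact address present: {confirmed})")
```

The per-directory counts show which folders to restore from backup first; run it read-only against a mounted copy of the affected volume rather than on the live system.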

Protecting Your Data from Threats Like the '.Bear File Extension' Ransomware

The best protection against threats like the '.Bear File Extension' Ransomware is to have file backups, which allow any data compromised by the '.Bear File Extension' Ransomware attack to be restored. Apart from file backups, computer users should have a dedicated security program capable of detecting and removing the '.Bear File Extension' Ransomware before it manages to compromise the victim's data. Unfortunately, once the victim's files have been encrypted by the '.Bear File Extension' Ransomware, they will no longer be recoverable without the decryption key, which is held by the criminals. However, the criminals cannot be relied on to provide this decryption key after a ransom payment.
