'beatifulgirls@youknowmynameisbob.online' Ransomware

'beatifulgirls@youknowmynameisbob.online' Ransomware Description

A growing number of cyber crooks try their luck with ransomware threats, as this type of malware can be easy to build and distribute. A large portion of ransomware authors simply borrow the code of existing threats of this kind and change it slightly to fit their needs. Recently, cybersecurity experts have spotted a new threat of this class - ‘beatifulgirls@youknowmynameisbob.online’ Ransomware.

Propagation and Encryption

After dissecting the threat, researchers found that the authors of the ‘beatifulgirls@youknowmynameisbob.online’ Ransomware have used the template of the tellyouthepass Ransomware ransom note to create their own. Furthermore, it would appear that the ‘beatifulgirls@youknowmynameisbob.online’ Ransomware applies the exact same encryption algorithm that the tellyouthepass Ransomware utilizes. The infection vector used in the propagation of the ‘beatifulgirls@youknowmynameisbob.online’ Ransomware is yet to be uncovered. However, some experts speculate that the creators of this file-encrypting Trojan may be using spam email campaigns to spread this pest. Usually, you can accomplish this task with the help of a bogus message and a corrupted attached file that would trigger the execution of the threat.

Malvertising campaigns, torrent trackers, fake application downloads, and updates are other popular methods that authors of ransomware threats tend to utilize. The ‘beatifulgirls@youknowmynameisbob.online’ Ransomware goes after a wide variety of file types that are likely to be present on the system of any regular user – images, audio files, documents, videos, databases, archives, spreadsheets, etc. The ‘beatifulgirls@youknowmynameisbob.online’ Ransomware will make sure to apply an encryption algorithm to lock the targeted data securely. Upon locking the targeted files, the ‘beatifulgirls@youknowmynameisbob.online’ Ransomware also will add an extra extension to their names - ‘.locked.’ This means that the victims of the ‘beatifulgirls@youknowmynameisbob.online’ Ransomware will notice that all their data has the additional ‘.locked’ extension. For example, a file named ‘white-tile.jpg’ originally will be renamed to ‘white-tile.jpg.locked’ after the successful completion of the encryption process.

The Ransom Note

The next step is the exhibition of the ransom note. The ransom message of the attackers is located in a file named ‘README.html’ that will be dropped on the victim’s desktop. The authors of the ‘beatifulgirls@youknowmynameisbob.online’ Ransomware state that they demand 0.15 Bitcoin (about $1,300 at the time of typing this post) as a ransom. In exchange for the ransom fee, the attackers promise to provide the user with a decryption tool. They give out their Bitcoin wallet address and the email address where they expect to be contacted - ‘beatifulgirls@youknowmynameisbob.online.’ The attackers advise users first to pay the ransom fee and then get in touch with them.

It is important to note that cooperating with cybercriminals is never a good idea. Not only is your money going to fund their criminal activities in the future, but there is no guarantee that you will be given the decryption key you need to recover your data. Instead, the victims of the ‘beatifulgirls@youknowmynameisbob.online’ Ransomware should consider obtaining a reputable anti-spyware solution that will wipe out the ‘beatifulgirls@youknowmynameisbob.online’ Ransomware and provide security in the future.

Do You Suspect Your PC May Be Infected with 'beatifulgirls@youknowmynameisbob.online' Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like 'beatifulgirls@youknowmynameisbob.online' Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

One Comment

  • HBO :

    Op 9 januari ook van deze ransomeware slachtoffer geworden. Maar ja ik heb ofline mijn vms staan dus met een aar dagen data verlies alles weer hersteld. Bij mij kwam de hack binnen via VPN client protocol geregistreerd ip adres is van russische afkomst te weten ip adressen 92.63.194.82 t/m 84

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.