'beatifulgirls@youknowmynameisbob.online' Ransomware

A growing number of cyber crooks try their luck with ransomware threats, as this type of malware can be easy to build and distribute. A large portion of ransomware authors simply borrow the code of existing threats of this kind and change it slightly to fit their needs. Recently, cybersecurity experts have spotted a new threat of this class - ‘beatifulgirls@youknowmynameisbob.online’ Ransomware.

Propagation and Encryption

After dissecting the threat, researchers found that the authors of the ‘beatifulgirls@youknowmynameisbob.online’ Ransomware have used the template of the tellyouthepass Ransomware ransom note to create their own. Furthermore, it would appear that the ‘beatifulgirls@youknowmynameisbob.online’ Ransomware applies the exact same encryption algorithm that the tellyouthepass Ransomware utilizes. The infection vector used in the propagation of the ‘beatifulgirls@youknowmynameisbob.online’ Ransomware is yet to be uncovered. However, some experts speculate that the creators of this file-encrypting Trojan may be using spam email campaigns to spread this pest. Usually, you can accomplish this task with the help of a bogus message and a corrupted attached file that would trigger the execution of the threat.

Malvertising campaigns, torrent trackers, fake application downloads, and updates are other popular methods that authors of ransomware threats tend to utilize. The ‘beatifulgirls@youknowmynameisbob.online’ Ransomware goes after a wide variety of file types that are likely to be present on the system of any regular user – images, audio files, documents, videos, databases, archives, spreadsheets, etc. The ‘beatifulgirls@youknowmynameisbob.online’ Ransomware will make sure to apply an encryption algorithm to lock the targeted data securely. Upon locking the targeted files, the ‘beatifulgirls@youknowmynameisbob.online’ Ransomware also will add an extra extension to their names - ‘.locked.’ This means that the victims of the ‘beatifulgirls@youknowmynameisbob.online’ Ransomware will notice that all their data has the additional ‘.locked’ extension. For example, a file named ‘white-tile.jpg’ originally will be renamed to ‘white-tile.jpg.locked’ after the successful completion of the encryption process.

The Ransom Note

The next step is the exhibition of the ransom note. The ransom message of the attackers is located in a file named ‘README.html’ that will be dropped on the victim’s desktop. The authors of the ‘beatifulgirls@youknowmynameisbob.online’ Ransomware state that they demand 0.15 Bitcoin (about $1,300 at the time of typing this post) as a ransom. In exchange for the ransom fee, the attackers promise to provide the user with a decryption tool. They give out their Bitcoin wallet address and the email address where they expect to be contacted - ‘beatifulgirls@youknowmynameisbob.online.’ The attackers advise users first to pay the ransom fee and then get in touch with them.

It is important to note that cooperating with cybercriminals is never a good idea. Not only is your money going to fund their criminal activities in the future, but there is no guarantee that you will be given the decryption key you need to recover your data. Instead, the victims of the ‘beatifulgirls@youknowmynameisbob.online’ Ransomware should consider obtaining a reputable anti-spyware solution that will wipe out the ‘beatifulgirls@youknowmynameisbob.online’ Ransomware and provide security in the future.