Beets Ransomware

Another variant of the infamous Dharma Ransomware has been spotted recently. This new threat was dubbed the Beets Ransomware. It is a fairly common technique for hackers to base their creations on already existing ransomware threats, which have proven to be successful in extorting money.

The infection vector employed by the creators of the Beets Ransomware is not confirmed, yet it is speculated that the cyber crooks may be spreading their threat via fake updates, spam emails containing infected files and pirated software. When the Beets Ransomware infects a system, it will begin a scan. The scan aims to detect the files, which will later be encrypted by this data-locking Trojan. When the Beets Ransomware has located the files in question, it will begin encrypting them. Then, once the encryption process is completed, you will notice that the names of the files affected have been altered. The Beets Ransomware applies the same pattern that all Dharma Ransomware (also known as Crysis) variants apply as an extension - '.id-.[vombombom@cock.li].beets.' Then, the Beets Ransomware will drop a ransom note. It is likely that the name of the file would be 'FILES ENCRYPTED.txt' as this is another pattern, which most ransomware threats from the Dharma Ransomware family follow. The note is rather vague; the attackers do not mention what the ransom fee demanded is. However, they insist on being contacted via email at their email address – 'vombombom@cock.li'.

We would recommend strongly that you do not contact or pay cybercriminals. It is highly likely that your hard earned cash will go to waste as such individuals deliver on what they promise rarely. A much safer option is to clear your computer of the Beets Ransomware using a reputable anti-spyware tool.