Threat Database Ransomware Beijing Ransomware

Beijing Ransomware

Despite the name given to it by infosec researchers, the Beijing Ransomware doesn't target users from China only. In fact, the crypto locker has global reach apparently, judging by some of the instructions left by the hackers in the ransom note. Although the Beijing Ransomware is not an entirely unique threat, it is a variant based on the LeakTheMall Ransomware, which doesn't diminish its ability to cause significant damage.

Any computer compromised by the Beijing Ransomware will be 'locked' effectively - the malware will render nearly all files stored on it by encrypting them with uncrackable encryption algorithms. Users will no longer be able to either access or use their private or business-related files. The threat appends '.beijing' as a new extension to every encrypted file. The customary ransom note is delivered as text files named '! RECOVER.txt.' which are dropped in every folder containing encrypted data.

The note's initial part sees the hackers attempting to convince their victims that they can indeed restore the 'locked' files. All that is required is for the affected user to send a bunch of money to these cybercriminals. First, however, the victim must send an email to either one of the provided email addresses - '' and '' The email must include the country and city of the user and the text file, delivering the ransom note as an attachment. Two encrypted files that must be text or pictures and do not exceed 1MB in size must also be part of the email to be decrypted for free.

It should be noted that there are no guarantees that the people capable of deploying such a ransomware threat will honor their part of the deal or that the decryptor tool that they may send will actually return the user's files to their previous state successfully.

The full text of the Beijing Ransomware's ransom note is:


Whats Happen?

Your files are encrypted, and currently unavailable. You can check it: all files on you computer has extension .beijing

By the way, everything is possible to restore, but you need to follow our instructions. Otherwise, you cant return your data (NEVER).

What guarantees?

It's just a business. We absolutely do not care about you and your deals, except getting benefits.

If we do not do our work and liabilities - nobody will not cooperate with us.

It's not in our interests.

If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key.

In practise - time is much more valuable than money.

What should You include in your message?

1. Your country and city

2. This TXT file

3. Some files for free decryption

Free decryption as guarantee!

Before paying you send us up to 2 files for free decryption.

Send pictures, text files. (files no more than 1mb)

If you upload the database, your price will be doubled


Your Personal ID:


Most Viewed