'biashabtc@redchan.it' Ransomware

Dharma Ransomware remains as popular as ever among cybercriminals, with new ransomware threats based on it being discovered almost daily. One of the latest threats that can be attributed to the Dharma Ransomware family is the 'biashabtc@redchan.it' Ransomware. The new threat's behavior doesn't deviate from the norm for Dharma. The 'biashabtc@redchan.it' Ransomware uses powerful cryptographic algorithms to encrypt the files on the compromised system and render them unusable. Every encrypted file has its name changed significantly: a unique ID assigned to the specific victim, followed by the email address 'biashabtc@redchan.it', and finally '.arrow' are appended to the original filename. To minimize the chances of affected users missing the fact that their files are no longer accessible, the 'biashabtc@redchan.it' Ransomware delivers its ransom note in two forms. One is a text file named 'FILES ENCRYPTED.txt,' while the other is a pop-up window.

It's clear that the Dharma family of ransomware isn't going anywhere soon. Cybercriminals continue to push out new versions of the ransomware on an almost daily basis. One of the latest versions of Dharma ransomware is the 'biashabtc@redchan.it' Ransomware, also known simply as Arrow Ransomware.

The new threat doesn't behave much differently from the rest of the Dharma family. The ransomware finds essential data on a target computer and encrypts it using robust cryptographic algorithms to make it inaccessible. The encrypted files stand out thanks to their new file names. Each file receives a unique ID individual to the victim, along with the email address 'biashabtc@redchan.it' and, last but not least, a '.arrow' file extension.

The text file contains the bare minimum of information, simply telling victims to contact the 'biashabtc@redchan.it' email. The main instructions from the criminals are found in the pop-up window. There they specify that the ransom must be paid in Bitcoin, while the specific amount will depend on how quickly the victims initiate communication. Up to five files that do not exceed 10MB in total size can also be sent to be decrypted for free.

While it may seem counterintuitive, cybersecurity experts recommend against following the hackers' demands, as this will only serve to further their unsafe activities. Instead, victims of the 'biashabtc@redchan.it' Ransomware should look for an appropriate backup from which to restore the files. However, it is paramount that, before using the backup, they clean the compromised computer of all malware threats with a professional anti-malware program.

The text displayed in the pop-up window is:

'All your files have been encrypted!

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the email 'biashabtc@redchan.it'

Write this ID in the title of your message -

In case of no answer in 24 hours write us to theese emails:'biashabtc@redchan.it'

You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.

Free decryption as guarantee

Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 10Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)

How to obtain Bitcoins

The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.

hxxps://localbitcoins.com/buy_bitcoins

Also you can find other places to buy Bitcoins and beginners guide here:

hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/

Attention!

Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

The message from the text files is:

'all your data has been locked us

You want to return?

write email blashabtc@redchan.it.'

The text file offers a bare minimum version of the information in the pop-up, telling victims to contact the email address to find out more. Victims are told to pay the ransom using Bitcoin. The size of the ransom depends on how quickly a victim gets in touch. The hackers also promise to decrypt up to five small files as a sign of good faith that their decryption tool works.

It sounds counterproductive, but security experts advise against paying the ransom or even contacting the attackers in the first place. Giving in to their demands will only encourage them to scam other people. Instead, victims of Arrow ransomware should remove the infection from their computer and use a data backup to restore their files.
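To scope a restore, the renaming scheme and note name described above can be turned into a triage check. The following is an added example, not code from the original page: the function names are hypothetical, the sample listing is constructed, and the exact delimiters (`.id-<ID>.[<email>].arrow`) are an assumption based on the usual Dharma layout, since the page only gives the order of the parts.

```python
import re
from collections import defaultdict
EMAIL = "biashabtc@redchan.it"      # contact address named on the page
NOTE_NAME = "files encrypted.txt"   # ransom note file name, lower-cased
# ASSUMED layout (usual for Dharma variants, not spelled out on the page):
#   <original name>.id-<victim ID>.[<email>].arrow
RENAMED = re.compile(r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z]+)\.\["
                     + re.escape(EMAIL) + r"\]\.arrow$", re.IGNORECASE)

def classify(name):
    """Return (kind, original_name, victim_id), or None for an unaffected name."""
    m = RENAMED.match(name)
    if m:
        return ("encrypted", m.group("original"), m.group("victim_id"))
    lower = name.lower()
    if lower == NOTE_NAME:
        return ("note", None, None)
    # Address and extension present but delimiters differ: flag, don't guess.
    if lower.endswith(".arrow") and EMAIL in lower:
        return ("suspect", None, None)
    return None

def triage(paths):
    """Group hits by directory so responders can scope what needs restoring."""
    report = defaultdict(lambda: {"encrypted": [], "suspect": [],
                                  "note": False, "victim_ids": set()})
    for path in paths:
        directory, _, name = path.replace("\\", "/").rpartition("/")
        hit = classify(name)
        if hit is None:
            continue
        kind, original, victim_id = hit
        entry = report[directory]
        if kind == "note":
            entry["note"] = True
        elif kind == "encrypted":
            entry["encrypted"].append(original)
            entry["victim_ids"].add(victim_id)
        else:
            entry["suspect"].append(name)
    return dict(report)

# Constructed sample listing (victim ID and file names are made up).
SAMPLE = [
    r"C:\Users\ana\Documents\budget.xlsx.id-1A2B3C4D.[biashabtc@redchan.it].arrow",
    r"C:\Users\ana\Documents\FILES ENCRYPTED.txt",
    r"C:\Users\ana\Documents\notes.txt",
    r"C:\Users\ana\Pictures\cat.jpg_biashabtc@redchan.it.arrow",
]
```

On a real host, feed `triage()` the paths produced by a recursive directory walk or a file-server listing; the recovered original names tell you which files to pull from backup once the machine is clean.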

How Does 'biashabtc@redchan.it' Get on Computers?

Hackers have several tools at their disposal for infecting computers. The most common infection methods are malspam campaigns, malicious download channels, trojan viruses, software activation tools, and fake software updates.

Malspam is when attackers send out thousands of emails with infected attachments or malicious links. These emails are often disguised as coming from trusted official sources with important information or news. When people open an attachment or link on a spam email, it infects their computer. Malware is distributed as PDF files, Microsoft Office documents and spreadsheets, JavaScript files, archive files, and executable files.

Unofficial download pages, third-party downloaders, free file hosting, freeware download sites, and peer-to-peer networks are also common distribution channels. When users download an infected file from one of these sources and run it, they infect their computer with malware.

Trojan viruses are designed to cause chain infections on a host computer. These are small viruses adept at slipping through security cracks and installing more dangerous viruses that would never get in otherwise.

Software cracking and activation tools are programs designed to activate licensed software. More often than not, these programs will install malicious software on top of – or instead of – activating the software as promised. Fake software updates work similarly. They promise to remove software vulnerabilities while instead exploiting them to install 'biashabtc@redchan.it'.

How to Protect Your Computer Against Infections

You can start to protect your computer by not opening emails from suspicious and unknown sources. You should also avoid using third-party downloaders and installers for your software. Avoid using illegally downloaded software and activation tools, too, as these are known infection methods. Ensure that the software you install is regularly updated, along with your computer operating system. These updates patch out vulnerabilities used by hackers. Finally, install robust antivirus software and regularly scan your computer for viruses to keep it clean.
