Billy's Apocalypse Ransomware
The Billy's Apocalypse Ransomware is a crypto locker malware that aims to infiltrate the victim's computer, encrypt the files stored on it, and extort money for their decryption. This particular malware threat appears to be a nearly identical copy of the BlackClaw Ransomware. The major difference is that the files encrypted by Billy's Apocalypse Ransomware have ".apocalypse" added as a new extension to their file names, while the BlackClaw used ".bclaw" as an extension. Upon successful encryption of the targeted files, two files containing named "RECOVER YOUR FILES.txt" and "RECOVER YOUR FILES.hta" will be created into every folder containing encrypted files. In addition, a pop-up window containing text nearly identical to the note in the text files will be displayed.
Unlike the majority of ransomware threats, the criminals behind the Billy's Apocalypse Ransomware do not provide their victims with an email address for contact. Instead, they want the affected users to message them through Telegram on the following account: T.me/billy_got. In a bit of confusion, however, the cybercriminals tell their victims to send $100 in Bitcoin, if the instructions displayed in the pop-up window are to be believed, but, if the unfortunate victims follow the note in the text file, they will notice that the demand is for $50 in Bitcoin. In one of the text files, the hackers also threaten to double the price if 48 hours pass without any contact from the victim.
The full text of the "RECOVER YOUR FILES.hta" file is:
'All your files have been encrypted (WITH AES+RSA) due to a security problem with your PC.
contact us via Telegram. We will reply within 5 minutes: T.me\billy_gotSend 50$ to Bitcoin: 1GuxVaa3QqeyXGc13MFzmasMRK7HZwbA18
Include this id in your message or Telegram: -YOU HAVE ONLY 48 HOURS TO CONTACT US. WHEN THIS TIME ENDS THE PRICE WILL BE TWICE AS MUCH
# ATTENTION !!!
DO NOT RENAME THE FILES.'
The text contained in the "RECOVER YOUR FILES.txt" file is:
'All your files have been encrypted!
All your files have been encrypted (WITH AES+RSA) due to a security problem with your PC. Contact us via telegram. We will reply within 5 minutes: T.me/billy_got
Send 100$ to Bitcoin: 1GuxVaa3QqeyXGc13MFzmasMRK7HZwbA18
Include this id in your message or telegram:
-
YOU HAVE ONLY 48 HOURS TO CONTACT US. WHEN THIS TIME ENDS THE PRICE WILL BE TWICE AS MUCH1d 23h 53m 55s
# How to obtain Bitcoin
The easiest way to buy Bitcoin in Localbitcoins.com website.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginner guide here:
hxxps://www.coindesk.com/learn/bitcoin-101/how-can-i-buy-bitcoins# ATTENTION !!!
DO NOT RENAME THE FILES.
APOCALYPSE RANSOMWARE.'
