Birbware Ransomware
Threat Scorecard
Metric | Value |
---|---|
Threat Level | 100 % (High) |
Infected Computers | 4 |
First Seen | October 18, 2018 |
Last Seen | July 23, 2019 |
OS(es) Affected | Windows |
The Birbware Ransomware is an encryption ransomware Trojan that PC security researchers first reported on October 17, 2018. It is commonly delivered to victims through malicious spam email attachments. Once installed, it carries out a typical encryption ransomware attack, taking the victim's files hostage and then demanding a ransom payment from the victim.
How the Birbware Ransomware Infects a Computer
The Birbware Ransomware infection is typical of these attacks. Like most encryption ransomware Trojans of this type, the Birbware Ransomware uses AES and RSA encryption to make the victim's files inaccessible. It targets user-generated files; malware threats do this so that Windows remains operational and a ransom note demanding payment can be delivered. The Birbware Ransomware targets the following file types:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
After encrypting the victim's files, the Birbware Ransomware marks them by adding the file extension '.birbb' to their names. It then demands a ransom payment, delivering its ransom note in the form of a program window. The Birbware Ransomware also changes the infected computer's desktop wallpaper to an image that depicts a bird attacking a child. The text of the Birbware Ransomware ransom message reads:
'uh-oh you just got urself some birdware
if u wanna get rid f this birdware you can send nxf#3688
some spicy mems on discord and may be he will
give you the encryption key'
It is possible that the Birbware Ransomware is meant as a prank or joke, given the contents of this ransom note and the poorly implemented ransom demand and payment procedure. However, the Birbware Ransomware still poses a significant threat to the victims' files because its attack makes them permanently inaccessible. Because of this, prevention is key to ensuring that your data is safe from threats like the Birbware Ransomware.
Protecting Your Data from Threats Like the Birbware Ransomware
The best protection against threats like the Birbware Ransomware is to have backup copies of your files. Backups ensure that victims of a Birbware Ransomware attack can restore any encrypted data without having to contact the criminals responsible for the attack. Since the Birbware Ransomware is delivered via spam email attachments, having protection against this kind of content is also crucial.
File System Details
# | File Name | MD5 | Detections |
---|---|---|---|
1. | file.exe | 7a2524dfebc686de239c5f734e6bf828 | 1 |
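
A triage sketch for the restore-from-backup step described above, added here as an example (it is not EnigmaSoft's or SpyHunter's code): it walks a directory, lists the original names of files carrying the '.birbb' extension so they can be pulled from backup, and flags executables whose MD5 matches the one in the table above. The function names and the choice to hash only .exe files are assumptions, and the demo tree is constructed sample data.

```python
import hashlib
import os
import tempfile
from collections import Counter

BIRBB_EXT = ".birbb"  # extension the page says is added to encrypted files
KNOWN_MD5 = frozenset({"7a2524dfebc686de239c5f734e6bf828"})  # file.exe, from the page

def md5_of(path, chunk=1 << 20):
    """Hash in chunks so large binaries are not loaded into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def triage(root, known_md5=KNOWN_MD5):
    """Walk root; list originals to restore from backup and matching binaries."""
    report = {"encrypted": [], "by_type": Counter(), "binaries": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            lower = name.lower()  # Windows file names are case-insensitive
            if lower.endswith(BIRBB_EXT) and len(name) > len(BIRBB_EXT):
                original = rel[: -len(BIRBB_EXT)]  # name before the suffix was added
                report["encrypted"].append(original)
                ext = os.path.splitext(original)[1].lower() or "(none)"
                report["by_type"][ext] += 1
            elif lower.endswith(".exe"):  # assumption: only executables are hashed
                try:
                    if md5_of(os.path.join(root, rel)) in known_md5:
                        report["binaries"].append(rel)
                except OSError:  # locked or permission-denied file
                    report["unreadable"].append(rel)
    report["encrypted"].sort()
    return report

def demo():
    """Run triage over a constructed directory tree (sample data, not real files)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in ("docs/report.docx.birbb", "docs/PHOTO.JPG.BIRBB", "notes.txt", "tool.exe"):
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(b"constructed sample")
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

The `by_type` counter groups the affected files by their original extension, which helps decide which backup sets to restore first.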