bkp@cock.li Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 7 |
| First Seen: | September 26, 2018 |
| Last Seen: | September 10, 2021 |
| OS(es) Affected: | Windows |
PC security researchers first reported the bkp@cock.li Ransomware, an encryption ransomware Trojan, on September 20, 2018. The bkp@cock.li Ransomware is heavily based on the Crysis Ransomware, a well-known ransomware threat that has spawned numerous variants. The bkp@cock.li Ransomware, like many Trojans of this type, is commonly delivered to victims through corrupted spam email attachments, often in the form of compromised Microsoft Word documents that contain embedded scripts that download and install the bkp@cock.li Ransomware onto the victim's computer. Once the bkp@cock.li Ransomware is installed onto the victim's computer, it functions by taking over the victim's computer, encrypting the victim's data and demanding a ransom payment in exchange for restoring access to the compromised files.
Table of Contents
Symptoms of a bkp@cock.li Ransomware Infection
The bkp@cock.li Ransomware uses the AES and RSA encryptions to make the victim's files inaccessible. The bkp@cock.li Ransomware will target the user-generated files in its attack, which may include files with the following extensions:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The computer users will recognize the files encrypted by the bkp@cock.li Ransomware because the bkp@cock.li Ransomware will rename the affected files by adding the file extension '.id-.[bkp@cock.li].bkp' to the end of each compromised file.
The bkp@cock.li Ransomware’s Ransom Demand
The purpose of the bkp@cock.li Ransomware is to demand a ransom payment. The bkp@cock.li Ransomware demands its ransom payment by dropping a text file on the victim's computer. This ransom note is named 'How to decrypt your files.txt' and delivers the following message to the victim:
'Attention! Your computer was attacked by virus-encoder.
All your files are encrypted cryptographically strong, without the original key recover is impossible! To get the decoder and the original key, you need to write us at the email: bkp@cock.li with subject "encryption" stating your id.
Write in the case, do not waste your and our time on empty threats.
Responses to letters only appropriate people are not adequate ignore.'
Unfortunately, once the bkp@cock.li Ransomware attack has compromised the files it targets, they will not be recoverable without the decryption key. Because of this, computer users must take precautionary measures to ensure that your data is safe from threats like the bkp@cock.li Ransomware completely.
Protecting Your Data from Threats Like the bkp@cock.li Ransomware
The best protection against threats like the bkp@cock.li Ransomware is to have backup copies of your files. These backup copies should be saved in a location that is inaccessible to Trojans like the bkp@cock.li Ransomware, such as on the cloud or external, secured devices. Apart from file backups, PC security researchers strongly advise computer users to have a security program that is fully up-to-date.
