Bkqfmsahpt Ransomware
The Bkqfmsahpt Ransomware can affect a diverse range of file types, which will prevent users from accessing them. The threat locks the targeted files with an uncrackable cryptographic algorithm and then demands payment of a ransom for their restoration. When infosec researchers analyzed this specific malware, they confirmed that it is a variant belonging to the Snatch Ransomware family.
Besides locking most of its victims' data, the threat also will append '.bkqfmsahpt' to the original name of the targeted files as a new extension. Afterward, a ransom note will be dropped on the breached devices, contained inside a text file named 'HOW TO RESTORE YOUR FILES.TXT.' Reading the ransom-demanding message reveals that the Bkqfmsahpt Ransomware is likely used in attack campaigns against corporate entities.
According to the instructions of the cybercriminals, victims must contact them to receive additional details. Two email addresses are provided as potential communication channels - 'datasto100@tutanota.com' and 'restore_help@swisscows.email.' The ransom note also mentions an ID for the Tox chat client, but this method is supposed to be used in emergencies only. The operators of the Bkqfmsahpt Ransomware also state that they are willing to unlock up to 3 files for free. However, the files chosen by the victims must not contain important data and should not exceed a total size of 1 MB.
The full text of Bkqfmsahpt Ransomware's note is:
'Hello!
All your files are encrypted!
Email me if you want to get your files back - I will do it very quickly!
Contact me by email:datasto100@tutanota.com
restore_help@swisscows.emailThe subject line must contain an encryption extension or the name of your company!
Do not rename encrypted files, you may lose them forever.
You may be a victim of fraud. Free decryption as a guarantee.
Send us up to 3 files for free decryption.
The total file size should be no more than 1 MB! (not in the archive), and the files should not contain valuable information. (databases, backups, large Excel spreadsheets, etc.)To contact us, we recommend that you create an email address at protonmail.com or tutanota.com
Because gmail and other public email programs can block our messages!If you do not receive a response from us for a long time, check your spam folder.
===========================================================
Customer service TOX ID: 0FF26770BFAEAD95194506E6970CC1C395B 04159038D785DE316F05CE6DE67324C6038727A58
Only emergency! Use if support is not responding'
