
BI Ransomware

Cybercriminals are targeting users' computers with another potent ransomware variant based on the Dharma malware family. Tracked as the BI Ransomware, the threat can cause significant problems if it is deployed successfully. By running an encryption routine with a strong cryptographic algorithm, the malware locks the victim's data and makes restoring it effectively impossible.

As part of its actions, the BI Ransomware also modifies the names of the affected files. The threat assigns a unique ID to the victim and adds it to the name of each encrypted file. Then, it appends an email address under the control of the hackers (mr.black@disroot.org), before placing '.BI' as a new file extension. Finally, two separate ransom notes are delivered to the breached device. One is displayed in a pop-up window, while the other is placed inside a text file named 'info.txt'.
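A triage sketch for the rename pattern described above, added here as an example and not taken from the original write-up: it sorts a file listing into renamed files, victim ID tokens and candidate 'info.txt' notes. The sample paths are constructed, and the ID token format and the brackets around the email address in them are assumptions, since the page gives only the order of the parts.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Indicators taken from the write-up above.
CONTACT = "mr.black@disroot.org"
EXTENSION = ".BI"
NOTE_NAME = "info.txt"

# The page gives the order (ID, e-mail, extension) but not the delimiters,
# so punctuation around the e-mail address is matched loosely.
RENAMED = re.compile(
    r"^(?P<head>.+?)\W*" + re.escape(CONTACT) + r"\W*" + re.escape(EXTENSION) + "$",
    re.IGNORECASE,
)

# Constructed sample listing; the ID token and brackets are an assumed layout.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\report.docx.id-1A2B3C4D.[mr.black@disroot.org].BI",
    r"C:\Users\alice\Documents\budget.xlsx.id-1A2B3C4D.[mr.black@disroot.org].BI",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Desktop\info.txt",
    r"C:\Tools\bi.exe",
]

def triage(paths):
    """Sort a file listing into renamed files, victim IDs and candidate notes."""
    renamed, ids, notes = [], Counter(), []
    for raw in paths:
        path = PureWindowsPath(raw)
        if path.name.lower() == NOTE_NAME:
            notes.append(raw)  # generic name: confirm by reading the file
            continue
        match = RENAMED.match(path.name)
        if not match:
            continue
        # Assumption: the ID is the last dot-separated token before the e-mail.
        original, _, victim_id = match.group("head").rpartition(".")
        if not original:  # no separator found, so no ID could be split off
            original, victim_id = victim_id, None
        renamed.append((str(path.parent), original, victim_id))
        ids[victim_id] += 1
    return {"renamed": renamed, "ids": ids, "notes": notes}

if __name__ == "__main__":
    report = triage(SAMPLE_LISTING)
    print(len(report["renamed"]), "renamed files;", dict(report["ids"]), report["notes"])
```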

Ransom Note's Details

The message in the text file contains little useful information, which is typical for a Dharma variant. It just instructs users to contact the aforementioned 'mr.black@disroot.org' email or a reserve address at 'unlock@tfwno.gf'. The pop-up window also fails to mention several crucial details, such as the amount of the demanded ransom or whether the hackers are willing to decrypt some files for free as a demonstration of their ability to unlock the victim's files.

The message found in the 'info.txt' file is:

'all your data has been locked us
You want to return?
write email mr.black@disroot.org or unlock@tfwno.gf

The instructions in the pop-up window are:

YOUR FILES ARE ENCRYPTED

1024

Don't worry, you can return all your files!
If you want to restore them, write to the mail: mr.black@disroot.org YOUR ID -
If you have not answered by mail within 12 hours, write to us by another mail:unlock@tfwno.gf

ATTENTION!
We recommend you contact us directly to avoid overpaying agents

Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
'
