
Bomber Ransomware

The Bomber Ransomware is not an original piece of malware. After analyzing its underlying capabilities and code, infosec researchers have concluded that the threat is a variant belonging to the Amnesia Ransomware family. The Bomber Ransomware stealthily infiltrates targeted computers, executes its malicious routine, and leaves the victim's files encrypted. Encrypted files are unusable, and restoring them is typically impossible without obtaining the necessary decryption codes from the threat actors.

As part of its actions, the Bomber Ransomware changes the names of the locked files completely. Each original name is replaced with a string of random characters followed by '.bomber' as the new file extension. Finally, victims are presented with a ransom-demanding message. The ransom note is dropped on the system as a text file named 'HOW TO RECOVER ENCRYPTED FILES.TXT'.

Demands Overview

The note fails to provide several crucial details. It does not mention the sum that the attackers demand as a ransom. Instead, it simply states that the price for decryption will be based on how long victims take before contacting the hackers. The only way to communicate with the cybercriminals is via the email address found in the note: 'gardengarden@cock.li'. The entire second half of the ransom note consists of various warnings. Users are told not to rename the locked files or try to decrypt them with third-party apps, as that could cause permanent damage to the data.

The full text of the note is:

'Your files are now encrypted!

Your personal identifier:

All your files have been encrypted due to a security problem with your PC.

Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.

Contact us using this email address: gardengarden@cock.li
Attention!

Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price
(they add their fee to our) or you can become a victim of a scam.
'
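The indicators described above (the '.bomber' extension, the ransom note file name and the contact address in the note) can be checked across a mounted disk image or file share to scope which directories were hit. The following Python script is an added example, not code from the original page; the function names and the sample file names in the test tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the write-up above.
ENCRYPTED_EXT = ".bomber"
NOTE_NAME = "how to recover encrypted files.txt"
CONTACT = "gardengarden@cock.li"


def triage(root):
    """Walk root; return {directory: {"encrypted": [...], "note": bool, "note_matches": bool}}."""
    report = defaultdict(lambda: {"encrypted": [], "note": False, "note_matches": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered.endswith(ENCRYPTED_EXT):
                report[dirpath]["encrypted"].append(name)
            elif lowered == NOTE_NAME:
                entry = report[dirpath]
                entry["note"] = True
                try:
                    # Confirm the note body carries the contact address from this variant.
                    with open(os.path.join(dirpath, name), "r", errors="replace") as fh:
                        entry["note_matches"] = CONTACT in fh.read(65536).lower()
                except OSError:
                    pass  # an unreadable note still counts as a file-name match
    return dict(report)


def build_sample_tree(root):
    """Constructed sample data: two renamed files, one note, one untouched file."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name in ("q8Zr1xVt0a.bomber", "Lm33PzQe.BOMBER", "budget.xlsx"):
        with open(os.path.join(docs, name), "wb") as fh:
            fh.write(b"\x00" * 16)
    with open(os.path.join(docs, "HOW TO RECOVER ENCRYPTED FILES.TXT"), "w") as fh:
        fh.write("Contact us using this email address: gardengarden@cock.li\n")
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, hits in triage(tmp).items():
            print(directory, len(hits["encrypted"]), hits["note"], hits["note_matches"])
```

Directories that contain the note but no '.bomber' files, or the reverse, are worth a manual look, since they may mark where encryption was interrupted.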
