Threat Database Ransomware Bot Ransomware

Bot Ransomware

By GoldSparrow in Ransomware

Ransomware threats seem to be the go-to tool when it comes to making a quick buck on the backs of innocent users. However, many cybercriminals are not nearly as high-skilled as they are often portrayed. This is one of the reasons why so many ransomware threats are just slightly altered variants of an already existing threat. This is the case with the Bot Ransomware. This file-encrypting Trojan is a copy of the infamous Dharma Ransomware, which has been pestering users online for quite a while.

Propagation and Encryption

Malware researchers have not come to a definitive conclusion as to how the Bot Ransomware is being propagated. Among the most common ways to spread ransomware threats are spam emails. These emails would often contain a carefully tailored message riddled with social engineering tricks aiming to convince the user to open the file attached to the email. Needless to say, this file is carrying the threat, and launching it would infect your system. Another commonly preferred method is using bogus application updates as an infection vector for spreading ransomware threats. The Bot Ransomware will scan the data on the compromised host to locate the file types, which it was programmed to target. Most data-locking Trojans aim at encrypting as many files as possible to cause maximum damage to the system. The Bot Ransomware applies an encryption algorithm to lock all the targeted files. Once this threat encrypts a file, it also alters its file name. The Bot Ransomware appends a '.id-.[].bot' extension to the newly locked files. After the encryption is completed, you will find that all your data is unusable.

The Ransom Note

After the encryption process has been completed successfully, the Bot Ransomware will drop a ransom note called 'FILES ENCRYPTED.txt.' Using all caps in the name of the ransom note is a rather common practice as it increases the chances of the user spotting the ransom message. In the note, the attackers do not mention the sum, which will be demanded as a ransom fee, but state that the payment will be required in Bitcoin. The authors of the Bot Ransomware urge the user to contact them via email at ‘' They also give out a backup email - ‘' To prove to the victim that they are fully capable of reversing the damage, the attackers state that they will unlock one file free of charge. The only requirements for this file are for it not to exceed 1MB in size and not to contain any information, which can be deemed valuable. The creators of the Bot Ransomware also have included a guide on how to obtain Bitcoins, for the users who are not clued up on the topic.

It is certainly advisable to avoid contacting cyber crooks like the ones behind the Bot Ransomware at all costs. Nothing good comes out of dealingswhich such ill-minded actors. Instead, you should look into obtaining a reputable anti-virus application and use it to wipe off the Bot Ransomware from your PC for good.

Related Posts


Most Viewed