
BrainLag Ransomware

By GoldSparrow in Ransomware

The BrainLag Ransomware is an encryption ransomware Trojan that is used to take the victims' files hostage. To do this, the BrainLag Ransomware will encrypt the victim's files and then claim that a ransom should be paid in exchange for the decryption key necessary to recover the affected data. PC security analysts first observed the BrainLag Ransomware on an online anti-virus platform. Con artists frequently upload partial or unfinished versions of their new threats to these platforms to test whether they can bypass current anti-malware technology. Malware analysts strongly advise computer users to take preventive steps to ensure that their machines are protected against the BrainLag Ransomware, since it represents a real threat to the computer users' data.

The BrainLag Ransomware Trojan Uses Default Executable File Names

The BrainLag Ransomware is based on HiddenTear, an open-source ransomware platform that has been active since August of 2015. Since its release, HiddenTear has spawned countless ransomware variants, including the BrainLag Ransomware. While many HiddenTear variants rename the executable files associated with the attack to cover their tracks somewhat, the BrainLag Ransomware uses the default executable file names: 'hidden-tear.exe' and 'local.exe'.

Once the BrainLag Ransomware enters a computer, it will encrypt the victim's files using the AES and RSA encryptions. Due to this double encryption method, the victim's files become inaccessible, and the BrainLag Ransomware takes them hostage. Unfortunately, once the BrainLag Ransomware encrypts the files, they may not be recoverable without the decryption key. The BrainLag Ransomware is virtually identical to numerous other HiddenTear variants that are currently being used actively against computer users. In its attack, the BrainLag Ransomware will encrypt numerous types of files, including those associated with software like Microsoft Office, Windows Media Player and Adobe Photoshop, as well as image, movie and audio files. The BrainLag Ransomware will encrypt the files that are user-generated while avoiding the files that are part of the Windows operating system.

There’s No Ransom Message Displayed by the BrainLag Ransomware

After encrypting the victim's files, the BrainLag Ransomware will add the file extension '.xdxdlol' to each affected file's name. However, it is clear that the BrainLag Ransomware is still under development. While most ransomware Trojans deliver a ransom note to demand a ransom payment from the victim, the BrainLag Ransomware does nothing of the sort, just leaving a very short message on the infected computer. Ransomware attacks will usually connect to their Command and Control servers (the BrainLag Ransomware does this, using TOR) and deliver a ransom message that instructs the victim to communicate with the con artists using an anonymous method to receive payment instructions. This ransom note may take the form of a program window or a file dropped on the infected computer. Like other ransomware Trojans, the BrainLag Ransomware will change the infected computer's Desktop image into a ransom note, in this case, a black screen with a picture of the Grim Reaper and the following short text message:

'Infected By BrainLag.
🙂
Venao – 2017'

Protecting Your Data and Computer from the BrainLag Ransomware

Unfortunately, there may not currently be a way to recover the files encrypted by the BrainLag Ransomware. Due to its unfinished state, the victims of the BrainLag Ransomware attack don't even have the option of communicating with the con artists to negotiate the decryption of their files (which isn't recommended since the con artists may use the money to finance further infections, including repeated attacks on the victim's computer). Because there is no way to decipher files that have been encrypted by the BrainLag Ransomware, the best way to be immune to these attacks is to have file backups. If computer users have backup copies of their files, then the people responsible for the BrainLag Ransomware can no longer demand a ransom payment. Having a backup allows computer users to recover their files immediately by simply deleting the affected file and restoring it with a backup copy.
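
The indicators and the backup-based recovery described above can be combined into a triage pass. The following Python sketch is an added example, not code from the original article: it flags the two default executable names, finds '.xdxdlol' files, and checks whether a backup copy of each original exists. The function names `triage` and `demo`, the assumption that the backup tree mirrors the scanned tree's relative paths, and the assumption that the extension is appended to the full original file name are all illustrative.

```python
import os
import tempfile

ENCRYPTED_EXT = ".xdxdlol"                            # extension named on this page
DEFAULT_EXE_NAMES = {"hidden-tear.exe", "local.exe"}  # file names named on this page


def triage(scan_root, backup_root):
    """Walk scan_root and return (suspect_executables, restore_plan).

    restore_plan maps each encrypted file to the backup copy of its original,
    or to None when backup_root holds no copy at the same relative path.
    """
    suspects, plan = [], {}
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()  # Windows file names are case-insensitive
            if lower in DEFAULT_EXE_NAMES:
                suspects.append(path)  # a name match is a lead, not proof
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                original = path[: -len(ENCRYPTED_EXT)]  # assumption: extension is appended
                rel = os.path.relpath(original, scan_root)
                candidate = os.path.join(backup_root, rel)
                plan[path] = candidate if os.path.isfile(candidate) else None
    return sorted(suspects), plan


def demo():
    """Run triage over a constructed tree (sample data, not from a real incident)."""
    with tempfile.TemporaryDirectory() as tmp:
        home, backup = os.path.join(tmp, "home"), os.path.join(tmp, "backup")
        for d in (os.path.join(home, "docs"), os.path.join(backup, "docs")):
            os.makedirs(d)
        for rel in ("docs/report.docx.xdxdlol", "docs/photo.jpg.XDXDLOL",
                    "docs/notes.txt", "Local.exe"):
            open(os.path.join(home, *rel.split("/")), "wb").close()
        open(os.path.join(backup, "docs", "report.docx"), "wb").close()
        suspects, plan = triage(home, backup)

        def short(p):  # path relative to the temp dir, with forward slashes
            return os.path.relpath(p, tmp).replace(os.sep, "/")

        return ([short(p) for p in suspects],
                {short(k): (short(v) if v else None) for k, v in plan.items()})


if __name__ == "__main__":
    suspects, plan = demo()
    print("suspect executables:", suspects)
    for enc, src in sorted(plan.items()):
        print(enc, "->", src or "NO BACKUP FOUND")
```

Because 'local.exe' is a common file name, a hit on it should be confirmed with other evidence before the file is treated as part of the infection.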
