BSC Ransomware

At the beginning of June 2019, experts in the field of detecting and studying malware spotted a new ransomware threat surfacing. It was dubbed the BSC Ransomware, and when they looked further into this newly discovered data-locking Trojan, they found out that it is a variant of the infamous Dharma Ransomware.

The malware researchers did not manage to come to a clear conclusion on how the BSC Ransomware is being propagated by its creators. However, it is largely believed that they may have employed the most common methods of spreading file-encrypting Trojans – via spam email campaigns, faux updates and infected pirated data. If the BSC Ransomware manages to penetrate the PC targeted successfully, it will start a scan. The point of the scan is to determine the locations of the file types, which this data-locking Trojan will encrypt. Then, the next step is the encryption process. After going through the encryption process of this threat, the files it had targeted will have their names changed according to the pattern applied by nearly all Dharma Ransomware variants – by adding '.id-.[basecrypt@aol.com].bsc' as an extension on the file name. Like other ransomware threats, which belong to the Dharma Ransomware family, the BSC Ransomware also generates a unique ID for each of its victims. Since the BSC Ransomware appears to follow the pattern of the Dharma Ransomware based threats, it is likely that the ransom note it drops would be named 'FILES ENCRYPTED.txt.' The attackers provide the victim with an email address where they are to be contacted – basecrypt@aol.com.

We would recommend you to avoid getting in touch with any shady individuals online, especially ones that are willing to extort you for money like the authors of the BSC Ransomware. Instead, it is much safer to make sure you obtain a legitimate anti-virus suite and use it to clear your system of the BSC Ransomware.