The Buddyransome Ransomware is a nasty threat that encrypts data and adds the ".buddyransome" extension to affected filenames. The Buddyransome Ransomware also leaves behind a ransom note in the form of a text file named 'HOW_TO_RECOVERY_FILES.txt.' Once Buddyransome has been installed, it will lock users out of their files until they pay a ransom to the cybercriminals responsible for the attack. In the vast majority of ransomware attacks, victims do not have other options for restoring all of the encrypted data apart from negotiating with the threat actors. However, paying the ransom does not guarantee that you will get your data back.
The Buddyransome Ransomware Runs a Double-Extortion Scheme
The operators of the Buddyransome Ransomware expect their victims to pay for a decryption tool to regain access to the encrypted files. Apparently, the only way to reach the attackers is via the 'firstname.lastname@example.org' email address mentioned in the ransom note. According to the threat's message, various sensitive data have been collected from the breached devices and are now available to the hackers. If their demands are not met, the obtained information will supposedly be leaked to the public.
Why does Ransomware Like Buddyransome Use Double Extortion?
Double extortion means that the attackers are using two different forms of blackmail to extort victims. The first form is the traditional one, where they encrypt the victim's system files and demand ransom payments in return for unlocking the information. The second extortion involves threatening to publish or leak any personally identifiable information (PII) or intellectual property that was discovered during the attack if their ransom demands are not met within a certain timeframe.
The full text of Buddyransome Ransomware's demands for its victims is:
Your company has been hacked!
All your files are encrypted, but we understand that you can most likely recover from backups.
We have also dumped all of your documents relating to accounting, administration, legal, HR, SQL, passwords and more!
If we don't come to an agreement, we will be forced to hand over all your files to the media for publicity.
Your personal ID:
If you want to decrypt your files and prevent them from leaking, write to us : email@example.com
Please provide your personal ID in the email'