
BulbaCrypt Ransomware

By GoldSparrow in Ransomware

Cybersecurity researchers came across a new data-encrypting Trojan called the BulbaCrypt Ransomware. When it was dissected, malware experts found out that the BulbaCrypt Ransomware is a variant of the infamous HiddenTear Ransomware.

It is not known what the infection vector of the BulbaCrypt Ransomware is, but researchers believe that the attackers may be using spam email campaigns, alongside fake software updates and pirated content. Once the BulbaCrypt Ransomware worms its way into your system, it scans the system to locate the file types that its creators have programmed it to target. The next step of the BulbaCrypt Ransomware's attack is the encryption process. The BulbaCrypt Ransomware locks the targeted files and appends an additional extension, '.Crypted,' to them. This means that a file you had named 'kitten.jpeg' previously would be renamed to 'kitten.jpeg.Crypted' after the encryption process of the BulbaCrypt Ransomware. All the files that undergo the BulbaCrypt Ransomware's encryption will no longer be usable in any manner.

Then, the BulbaCrypt Ransomware goes on to drop a ransom note by the name 'HOW TO DECRYPT FILES.txt.' In the note, the attackers say that 'all your information (documents, databases, backups and other files)' has been encrypted. They also try to claim that this attack has been carried out by 'American Hackers' but, judging by the poor English used, the truthfulness of this statement is highly doubtful. The attackers also claim that you will not be able to recover your data without the key they have and are willing to sell to you. Furthermore, they go on to say that reinstalling your PC will not salvage the situation either. The attackers also claim that if you do not contact them and pay the ransom fee within 48 hours, all your data will be wiped off. Then, they provide the victim with an email address where the attackers can be contacted – india2lock@gmail.com.

The BulbaCrypt Ransomware also launches a pop-up window with a message similar to the one in the ransom note, but more concise.

Despite all the claims of the attackers, the BulbaCrypt Ransomware is decryptable for free. Look online for a decryption tool for the HiddenTear Ransomware, and you may be able to retrieve all your data for free. Most importantly, make sure you have installed a reputable anti-spyware application to keep such threats at bay and make sure this does not happen again.
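The two on-disk indicators described above (the '.Crypted' extension and the 'HOW TO DECRYPT FILES.txt' note) can be used to scope which files were affected before attempting recovery. The following Python script is an added example, not part of the original article; the function names, the case-insensitive matching, the use of file modification times as a rough start-of-encryption estimate, and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".crypted"             # '.Crypted' from the article, compared lower-cased
RANSOM_NOTE = "how to decrypt files.txt"  # note name from the article, compared lower-cased


def triage(root):
    """Walk `root` and summarise the two indicators described in the article."""
    encrypted, notes, types = [], [], Counter()
    earliest = None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lowered = name.lower()
            if lowered == RANSOM_NOTE:
                notes.append(path)
            elif lowered.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # 'kitten.jpeg.Crypted' -> 'kitten.jpeg'
                original = name[: -len(ENCRYPTED_SUFFIX)]
                encrypted.append((path, original))
                types[Path(original).suffix.lower() or "(none)"] += 1
                # Heuristic (assumption): earliest mtime approximates when encryption began.
                mtime = path.stat().st_mtime
                earliest = mtime if earliest is None else min(earliest, mtime)
    return {"encrypted": encrypted, "notes": notes,
            "types": dict(types), "earliest_mtime": earliest}


def build_sample(root):
    """Constructed sample tree: two renamed files, one untouched file, one note."""
    root = Path(root)
    (root / "docs").mkdir()
    for rel in ("kitten.jpeg.Crypted", "docs/report.docx.Crypted",
                "docs/untouched.txt", "docs/HOW TO DECRYPT FILES.txt"):
        (root / rel).write_bytes(b"constructed sample data")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = triage(tmp)
        for path, original in result["encrypted"]:
            print(f"{path}  (was {original})")
        print("ransom notes:", [str(p) for p in result["notes"]])
        print("affected types:", result["types"])
```

The list of original names and affected file types gives a checklist for verifying backups or the output of a HiddenTear decryption tool; run it read-only against a copy or image of the affected disk where possible.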
