Major Ransomware
Security researchers spotted new ransomware on the loose in early April 2019. The new threat that is called the Major Ransomware also goes by the name of the Bmps Ransomware. It is not clear whether the Major Ransomware is a fork of some other, older threat; therefore, it can be assumed that the Major Ransomware is its own thing. Once it encrypts files on the victim's system, the Major Ransomware appends two possible extensions, depending on its own version. The scrambled files receive either ".major" or ".core" file extensions after their encryption. For example, a file named "pencil_drawing.jpg" will turn into "pencil_drawing.<14-digit ID>.bmps@tutanota.major. There also are reports of cases where the string appended after the 14-digit ID is "xlsx@tutanota.com.core."
The first reported victims of the Major Ransomware were located in Poland, Portugal and Ukraine. Even though the ransom note suggests that the Major Ransomware is targeting English speakers, this does not mean that it cannot be used globally, even without translating the ransom demand.
Here is the full text of the ransom note:
'ATENTION!!!
I am truly sorry to inform you that all your important files are crypted.
If you want to recover your encrypted files you need to follow a few steps.
You need to buy bitcoins and send them to the address you receive by mail.
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site.You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
write to Google how to buy Bitcoin in your country?
in order to guarantee the availability of our key
we can decrypt one file for free
the size of the files <1 mb, doc.docx.xls.xlsx.pdf.jpg.bmp.txt file format
other formats will not be free decryption
after payment we will send a decryption program
Do not try to decrypt your files with programs by the decoder,
you will only damage your data and lose them forever.
Only we can decrypt your data, write to the original mails specified in this file,
otherwise you will become a victim of scammers.
Contact email address bmps@tutanota.com or bmps@protonmail.com'
The Major Ransomware affects a large number of common extensions including office files, PDF documents, images, databases, media files and archives. The samples of the Major Ransomware that have been found so far have all been executable with random names. There is no known available decryption tool for the Major ransomware at the moment.
