Bkransomware Ransomware appears to be a malicious application that was created to test antivirus technology. Our researchers say the malware’s developers claim they do not use it to attack any users. While we cannot confirm whether this is true, it is important to realize that it does not stop other hackers from using the available sample to create their own modified versions of this software. Unfortunately, this usually happens with all file-encrypting threats created for educational purposes. After all, cybercriminals who live off the money they extort are unlikely to miss a chance to make more from unfortunate computer users. With this in mind, we will discuss Bkransomware Ransomware further in this article, and in case anyone encounters it, we will add our recommended manual removal instructions at the end of this text.
It looks like Bkransomware Ransomware does not create any data after entering the system and works from the directory where the user placed its launcher. Often, the launcher is a suspicious email attachment or some other suspicious file downloaded from the Internet, so users should look for it in the Desktop, Downloads, and Temporary Files folders. Another thing we learned about this malicious application is that it uses the ROT23 cryptosystem to lock targeted files. This cipher is not particularly complicated, so there is hope that the files affected by the infection could be decrypted. According to our researchers, the malware is supposed to target all files with the following extensions: .txt, .cpp, .docx, .bmp, .doc, .pdf, .jpg, .pptx, .png, .c, .py, .sql. Also, it might mark encrypted files with the .hainhc extension, for example, storm.jpg.hainhc, receipt.pdf.hainhc, speech.docx.hainhc, and so on.
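Why a fixed rotation leaves room for recovery, shown as an added example (not code from this article, the researchers, or the malware): several targeted formats start with fixed header bytes, so one locked file is enough to work out the rotation. The article names only "ROT23"; whether the rotation covers every byte or only letters is an assumption, so the sketch tries both, and all function names are hypothetical.

```python
import os
import string

MARKER = ".hainhc"  # extension the article says is appended to locked files
# Fixed leading bytes of some targeted formats (well-known file signatures).
MAGIC = {
    ".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
    ".bmp": b"BM", ".docx": b"PK\x03\x04", ".pptx": b"PK\x03\x04",
}

def byte_shift(k):
    """Translation table adding k to every byte (mod 256). Assumed variant."""
    return bytes((b + k) % 256 for b in range(256))

def alpha_rot(k):
    """Translation table rotating only A-Z and a-z by k. Assumed variant."""
    table = bytearray(range(256))
    for alphabet in (string.ascii_lowercase, string.ascii_uppercase):
        for i, ch in enumerate(alphabet):
            table[ord(ch)] = ord(alphabet[(i + k) % 26])
    return bytes(table)

def candidates():
    for k in range(1, 256):
        yield ("byte", k), byte_shift(k)
    for k in range(1, 26):
        yield ("alpha", k), alpha_rot(k)

def find_decoder(name, data):
    """Return ((kind, k), table) that restores the known header, else None."""
    base = name[:-len(MARKER)] if name.endswith(MARKER) else name
    magic = MAGIC.get(os.path.splitext(base)[1].lower())
    if magic is None:
        return None  # e.g. .txt: no fixed header, reuse a table from another file
    head = data[:len(magic)]
    for label, table in candidates():
        if magic.translate(table) == magic:
            continue  # this rotation cannot be told apart using this header
        if head.translate(table) == magic:
            return label, table
    return None

# Constructed sample: a PDF header "locked" with each assumed variant.
PLAIN = b"%PDF-1.7\n% constructed sample, not a real document\n"
LOCKED_BYTE = PLAIN.translate(byte_shift(23))
LOCKED_ALPHA = PLAIN.translate(alpha_rot(23))

if __name__ == "__main__":
    for blob in (LOCKED_BYTE, LOCKED_ALPHA):
        label, table = find_decoder("receipt.pdf.hainhc", blob)
        print(label, blob.translate(table)[:8])
```

Run it only on copies of the locked files. A table recovered from one file with a known header can then be applied with `bytes.translate` to files such as .txt or .py that have none.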
Furthermore, it looks like the malicious application can encrypt files not only on the C: drive but also on drives like D: and E:, which means it could ruin data on devices attached to the computer too. Soon after it encrypts all targeted files in the described locations, Bkransomware Ransomware should launch a file with a ransom note. Currently, the text says: “send 50k viettel to 0963210438 to restore your data Press any key to continue.” Looking at the requested sum, it seems believable that the malware was not created to attack anyone, since the given number is ridiculously huge. We always advise users not to put up with any demands, as there is a chance the hackers could scam them. Thus, in case anyone decides to use Bkransomware Ransomware for malicious purposes, we would recommend not taking any chances, especially when the software uses such a weak cipher to encrypt the files. Of course, it would be best to prepare for such situations and back up your most crucial data somewhere safe. Then, if you accidentally encounter a ransomware application, you could erase it without hesitation and restore the encrypted files from the backup.
To remove any malicious program, it is essential to kill the threat’s process first and then look for its launcher or other data related to it. In many cases, threats like Bkransomware Ransomware do not place any data except ransom documents, so users can erase such infections by deleting the malicious files they downloaded unknowingly. The instructions located below this article show what such a process looks like. Naturally, for less experienced users we recommend using reliable security tools instead, as they can identify malware and help users get rid of it faster.
| # | File Name | File Size (Bytes) | File Hash |
|---|---|---|---|
| 1 | c23f695a19346bf3a5b21fb5a281771808953930d8dcb0a359f163ba0329305f.exe | 90112 bytes | MD5: 892da86e60236c5aaf26e5025af02513 |