It is still unclear whether or not BSS Ransomware is an infection we all need to worry about, but it exists, and that is enough to catch the attention of our malware researchers. At the time of analysis, the threat was not spreading, but that is something that could change at any moment, and we do not want to take any chances. After all, it is better to be safe than sorry. This infection is very similar to SnowPicnic Ransomware, SymmyWare Ransomware, ShutUpAndDance Ransomware, and hundreds (literally) of other threats that were created using the open-source code known by the name “Hidden Tear.” It is hard to say how much money cyber criminals might have garnered using the infections built on this code, and we do not dare to guess. Unfortunately, ransomware capable of encrypting files is very powerful, and if it slithers in, the game is usually over. Once the encryption is complete, there is no turning back, and the only thing to focus on is the removal of malware. In this report, we discuss deleting BSS Ransomware.
Although our research team claims that BSS Ransomware is not that serious and was, most likely, created by someone who is just playing with the code to learn more about the process, we cannot underestimate the infection. What if the creator updates it? What if it is distributed as a test or as a joke? We want none of that. Hopefully, this malware has not invaded your operating system yet, and you can still secure it using legitimate anti-malware software. You need to make sure that your system is secure; otherwise, various security backdoors and vulnerabilities could be exploited to drop the BSS Ransomware launcher without you even knowing it. As soon as this malware is executed, it encrypts files without wasting another moment. It does that using the AES-256 encryption algorithm, and it adds “.bss_locked” to all files’ names as a marker. It is worth mentioning that the infection only encrypts .ASP, .ASPX, .CSV, .DOC, .DOCX, .HTML, .JPG, .MDB, .ODT, .PHP, .PPT, .PPTX, .PNG, .PSD, .SQL, .SLN, .TXT, .XLS, .XLSX, and .XML files. Also, it only encrypts files that are found in the same location as the launcher. So, the place where the encrypted files are should also be the place where you will find the .EXE file that must be removed.
Even though BSS Ransomware exists, and its ability to encrypt files has been proven in our internal lab, it is not clear what its purpose is. It certainly is not to decrypt files. After the attack, it displays a message that asks this: “Send me some bitcoins or kebab. And I also hate desserts and coffee.” This, without a doubt, does not make any sense. Generally, once a file-encrypting infection corrupts files, a demand for a ransom payment is introduced to the victim, and they might be asked to pay anywhere from a few dollars to a few thousand dollars in return for a decryption key/program/software/etc. Does that mean that victims of BSS Ransomware are completely screwed? Well, the thing is that even if you had the option to buy your way out of the mess, you would not get far. Cyber criminals who collect ransom payments take your money gladly, but they do not care if the victims restore their files. So, in any case, our focus is on the removal of malware.
We propose a manual removal guide, but we cannot guarantee that you will be able to remove BSS Ransomware yourself if it comes to it. The launcher of the infection could be hard to find, and you do not want to delete the wrong files. Luckily, you do not need to take any risks. Instead, you can use anti-malware software. If it can be trusted, it will automatically delete BSS Ransomware along with all other threats, and you will also not need to worry about the protection of your operating system.
| # | File Name | File Size (Bytes) | File Hash |
|---|---|---|---|
| 1 | BSS Ransom.exe | 11264 bytes | MD5: 0058d5bc014e2a69476a9476e67d9199 |

| # | Process Name | Process Filename | Main module size |
|---|---|---|---|
| 1 | BSS Ransom.exe | BSS Ransom.exe | 11264 bytes |
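
Because the report says encrypted files carry the “.bss_locked” marker and sit in the same location as the launcher, those two facts can narrow down which .EXE to inspect before a manual removal. The Python sketch below is an added example, not part of the original report or of any vendor tool: it assumes the marker ends the file name, takes the size and MD5 from the file table above, and scans a constructed folder tree of harmless dummy files.

```python
import hashlib
import os
import tempfile

MARKER = ".bss_locked"   # marker from the report; assumed to end the file name
KNOWN_SIZE = 11264       # launcher size from the report's file table
KNOWN_MD5 = "0058d5bc014e2a69476a9476e67d9199"  # MD5 from the report's file table

def md5_of(path):
    """Hex MD5 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_suspect_launchers(root):
    """Map each folder holding marked files to the .exe files beside them.
    Each .exe is (name, size, md5, matches_listed_sample)."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        locked = sorted(f for f in files if f.lower().endswith(MARKER))
        if not locked:
            continue  # no encrypted files here, so executables are not flagged
        exes = []
        for name in sorted(f for f in files if f.lower().endswith(".exe")):
            path = os.path.join(folder, name)
            size, digest = os.path.getsize(path), md5_of(path)
            exes.append((name, size, digest,
                         size == KNOWN_SIZE and digest == KNOWN_MD5))
        report[folder] = {"locked": locked, "exes": exes}
    return report

def demo():
    """Scan a constructed folder tree of harmless dummy files."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"Downloads": ["report.docx.bss_locked", "unknown.exe"],
                  "Documents": ["notes.txt", "setup.exe"]}
        for sub, names in layout.items():
            os.makedirs(os.path.join(root, sub))
            for name in names:
                with open(os.path.join(root, sub, name), "wb") as f:
                    f.write(b"constructed sample data")
        found = find_suspect_launchers(root)
        return {os.path.basename(k): v for k, v in found.items()}

if __name__ == "__main__":
    print(demo())
```

An executable that shares a folder with marked files but does not match the listed size and MD5 is only a candidate for review, since the report covers a single sample.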