The Brotherhood Ransomware is a malicious program that shows a picture of Willy Wonka, a character from the movie Charlie and the Chocolate Factory, next to the text on the ransom note. However, we believe the chance of any user seeing this message is incredibly small. That is because we do not think the cybercriminals behind it are distributing it, and even if they were, the look of the described ransom note could change. Nevertheless, our specialists think users who wish to keep their systems safe from such threats should learn as much as possible about them. Further in this article, we will talk about how The Brotherhood Ransomware could be spread and how it might act if it ever gets finished. Therefore, if you are interested in hearing more about this malware, we encourage you to continue reading our report.
Many ransomware applications enter the system after exploiting its vulnerabilities or because users launch them unknowingly. The computer could be vulnerable if you have not updated its operating system or other applications installed on it for quite some time. Updates usually not only improve the software but also remove its previous weaknesses, except for those that have not been discovered yet. In addition, users should always be careful when encountering unreliable data, for example, files received with spam or from unknown senders, installers downloaded from torrent or other untrustworthy file-sharing websites, and so on. If you want to launch a file even though it looks doubtful, it would be smart to at least scan it with a reliable security tool first. This way you might avoid infecting the device, because with malicious programs like The Brotherhood Ransomware there is sometimes no turning back once the installer is launched.
There are a few things we found out about the malware that made us realize what we have encountered is not yet the last variant of The Brotherhood Ransomware. First of all, the malicious program targets only one directory (%USERPROFILE%\Documents), which might not even contain any files worth paying the ransom for. Next, the text on the ransom note, or the picture (RansomNote.jpg) we described at the beginning of the article, demands that the user pay an enormous amount of Bitcoins. Not to mention, the Bitcoin wallet where the victims are supposed to transfer the money appears to be invalid. We do not doubt that if the malware’s developers ever finish creating The Brotherhood Ransomware, they will most likely program it to encrypt other files besides the data located in the Documents folder. Of course, the price for ransom should be reduced so that a potential victim would be able to pay it, and the Bitcoin wallet address to transfer the money to should be valid. It is difficult to say if the cybercriminals will correct these things, but since the threat employs a secure encryption algorithm and seems to be working fine, we would say it is quite possible.
Lastly, at the end of the article we will place instructions explaining how one could erase The Brotherhood Ransomware manually. It is important to know that we cannot guarantee the instructions will remove the malicious program, because if anything gets changed, there is a chance the malware could drop data on the infected devices that is not mentioned in the steps we provide. Knowing this, it might be a good idea to acquire a reliable security tool and let it erase the threat for you.

| # | File Name | File Size (Bytes) | File Hash |
|---|---|---|---|
| 1 | TheBrotherHood Ransomware.exe | 279552 bytes | MD5: 23d82835c257a162f57027008bfed716 |

| # | Process Name | Process Filename | Main module size |
|---|---|---|---|
| 1 | TheBrotherHood Ransomware.exe | TheBrotherHood Ransomware.exe | 279552 bytes |
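
A way to check a folder for the indicators listed above (the sample's size and MD5, and the RansomNote.jpg file name), given as an added example that is not part of the original report. The function names are hypothetical, and the demo runs on constructed, harmless stand-in files.

```python
import hashlib
import os
import tempfile

# Indicators taken from the report: sample hash, sample size, ransom note name.
SAMPLE_MD5 = "23d82835c257a162f57027008bfed716"
SAMPLE_SIZE = 279552          # bytes
NOTE_NAME = "ransomnote.jpg"  # RansomNote.jpg, compared case-insensitively


def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(root):
    """Return (sample_paths, note_paths, unreadable_paths) found under root."""
    samples, notes, unreadable = [], [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.lower() == NOTE_NAME:
                notes.append(path)
            try:
                # Cheap size prefilter: only hash files of the exact sample size.
                if os.path.getsize(path) == SAMPLE_SIZE and md5_of(path) == SAMPLE_MD5:
                    samples.append(path)
            except OSError:
                unreadable.append(path)  # locked or permission-denied: review by hand
    return samples, notes, unreadable


def demo():
    """Run the scan over a constructed directory holding harmless stand-in files."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        with open(os.path.join(docs, "RansomNote.jpg"), "wb") as fh:
            fh.write(b"constructed placeholder, not a real image")
        with open(os.path.join(docs, "same_size.bin"), "wb") as fh:
            fh.write(b"\0" * SAMPLE_SIZE)  # right size, wrong hash
        samples, notes, unreadable = scan(root)
        return len(samples), [os.path.basename(p) for p in notes], len(unreadable)
```

A hash match identifies only this exact build of the file. Since the report expects later variants to differ, an empty result does not rule out a newer version.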