Cryptovirological discovery: BadNews Ransomware

At any given time, a plethora of cryptovirological strains is riding the cyber waves. Teams hunting for malware are therefore used to detecting a new ransomware strain every other day. Recently, a cybersecurity group discovered a ransomware strain that goes by the name ‘BadNews’.

The delivery method of BadNews ransomware is still not known. However, there is a strong chance that the operators of this strain are using email attachments to deliver the payload. Once encryption is complete, the affected device restarts and a ransom note appears on the screen as an HTML file. The note doesn’t specify the amount BadNews operators are demanding for ransomware removal. But professionals experienced in dealing with cryptovirological strains suggest that the extortion demand will lie somewhere between $500 and $1,500.

BadNews uses double encryption

According to initial investigations, BadNews ransomware operators have used both AES and RSA encryption modules to lock down the files on targeted computers. It is important to note that AES is a symmetric cipher and RSA an asymmetric one. This means devising a ransomware removal measure for this cryptovirological strain will be a tad difficult.

BadNews ransomware operators also offer free decryption of one affected file to assure affected users that all the locked-down files can be decrypted with the decrypter the operators provide. In some cases, rookie operators have messed up the cryptovirological code and, as a result, could not produce the right decryption key for ransomware removal. The attackers also warn targeted users to refrain from attempting self-decryption because it can result in permanent loss of data.

Putting strong protection in place, in the form of a layered firewall and ransomware protection software, is essential for preventing and limiting the damage of cryptovirological activity. In addition, backing up data will save you from playing into the hands of ransomware operators.