BISAMWARE Ransomware
BISAMWARE is a newly discovered ransomware strain. The new malware does not belong to any of the bigger ransomware families.
BISAMWARE encrypts the victim system and most files on it. Encrypted files receive the ".BISAMWARE" extension. For example, a file named "document.doc" is renamed to "document.doc.BISAMWARE" once it has been encrypted.
BISAMWARE will encrypt documents, archive files, databases and media files.
The ransomware replaces the system wallpaper with an image containing instructions on how to locate the ransom note. The ransom note itself is written to a file named "SYSTEM=RANSOMWARE=INFECTED.TXT" and contains the following text:
==============RANSOMWARE NOTE==============
YOUR SYSTEM GOT INFECTED WITH A RANSOMWARE
CONTACT US DOWN BELOW AT OUR TOR ONION LIVE CHAT SYSTEM FOR DECRYPTION HELP
IF YOU "DONT" WANT THE FILES BACK - RESET YOUR PC
100% DECRYPTION AFTER PURCHASE OF DECRYPTION KEY - ONLY WE HAVE IT IN OUR DATABASE
TOR CHAT UNIQUE URL: -
YOU CAN CALL THE COPS - YOU CAN CALL ANY MASTER TECHNICAL SOFTWARE DEVELOPER BUT IT WONT HELP
WE ARE SPECIALIZED TO TARGET COMPANIES - THERE IS NO WAY TO RECOVER YOUR FILES WITHOUT GETTING THE DECRYPTION KEY
==============REQUIREMENTS==============
+TOR BROWSER TO ACCESS OUR TOR CHAT DOWNLOAD at hxxps://www.torproject.org/download/
+BITCOINS PURCHASE AT hxxps://www.blockchain.com/ , or hxxps://www.coinbase.com/ , or hxxps://www.binance.com/ , or hxxps://localbitcoins.com/
+WATCH TUTORIAL HOW TO BUY BITCOINS AT hxxp://[alphanumeric string].onion/how_to_purchase_bitcoins.mp4 , or hxxps://www.youtube.com/watch?v=MIUQnVHh9rU
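
For triage, the two file-system indicators described above (the ".BISAMWARE" extension and the ransom note file name) can be swept for to scope which directories and file types were hit. The following Python script is an added example, not part of the original write-up; the function names, the case-insensitive matching and the constructed sample tree are assumptions.

```python
import os
import tempfile
from collections import Counter

EXT = ".BISAMWARE"                       # appended extension, as reported above
NOTE = "SYSTEM=RANSOMWARE=INFECTED.TXT"  # ransom note file name, as reported above


def triage(root):
    """Walk root and collect the BISAMWARE file-system indicators."""
    encrypted, notes, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            upper = name.upper()  # assumption: match case-insensitively
            if upper == NOTE:
                notes.append(full)
            elif upper.endswith(EXT) and len(name) > len(EXT):
                original = name[:-len(EXT)]  # name before the rename
                encrypted.append((full, original))
                by_type[os.path.splitext(original)[1].lower()] += 1
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "by_type": dict(by_type)}


def build_sample(base):
    """Create a constructed directory tree for the demo (no real samples)."""
    layout = ["docs/document.doc.BISAMWARE", "docs/budget.xlsx.bisamware",
              "docs/" + NOTE, "db/customers.sqlite.BISAMWARE", "media/clean.jpg"]
    for rel in layout:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = triage(build_sample(tmp))
        print("ransom notes:", len(report["notes"]))
        print("encrypted files:", len(report["encrypted"]))
        for ext, count in sorted(report["by_type"].items()):
            print(f"  {ext or '(none)'}: {count}")
        for path, original in report["encrypted"]:
            print(f"  {path} -> original name {original}")
```

Point triage() at a read-only mount or forensic image of the affected volume; the per-type counts show which of the document, archive, database and media categories need restoring from backup.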