BackMyData Ransomware is a Clone of the Infamous Phobos Ransomware


BackMyData is a type of ransomware associated with the Phobos family. Our findings reveal that BackMyData encrypts files, renames them, and drops two ransom notes ("info.hta" and "info.txt").

The file renaming process involves appending the victim's ID, an email address (backmydata@skiff.com), and the ".backmydata" extension. For instance, it transforms "1.jpg" into "1.jpg.id[9ECFA84E-3511].[backmydata@skiff.com].backmydata", "2.png" into "2.png.id[9ECFA84E-3511].[backmydata@skiff.com].backmydata", and so forth.
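The naming scheme above can be turned into a triage check over a file listing. The following is an added example, not code from the original article: it recovers the original file name and victim ID from each renamed file and records which folders hold the two ransom notes. The ID shape (eight hex characters, a dash, four digits) is an assumption generalised from the article's single sample, and the sample listing is constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Pattern from the article: <original>.id[<victim ID>].[backmydata@skiff.com].backmydata
# ID shape (8 hex, dash, 4 digits) is an assumption based on the article's one sample.
RENAMED = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[0-9A-F]{8}-\d{4})\]"
    r"\.\[backmydata@skiff\.com\]\.backmydata$",
    re.IGNORECASE,
)
NOTE_NAMES = {"info.hta", "info.txt"}  # ransom note file names given in the article

def parse_renamed(name):
    """Return (original_name, victim_id) for a renamed file, else None."""
    m = RENAMED.match(name)
    return (m["original"], m["victim_id"].upper()) if m else None

def triage(paths):
    """Summarise a listing: hits per victim ID, affected file types, note folders."""
    ids, exts, note_dirs, hits = Counter(), Counter(), set(), []
    for raw in paths:
        p = PureWindowsPath(raw)  # parses backslash paths on any OS
        parsed = parse_renamed(p.name)
        if parsed:
            original, vid = parsed
            ids[vid] += 1
            exts[PureWindowsPath(original).suffix.lower()] += 1
            hits.append((str(p.parent), original))
        elif p.name.lower() in NOTE_NAMES:
            note_dirs.add(str(p.parent))
    return {"victim_ids": dict(ids), "extensions": dict(exts),
            "note_dirs": sorted(note_dirs), "encrypted": hits}

# Constructed sample listing (not from a real incident), e.g. output of `dir /s /b`.
SAMPLE = [
    r"C:\Users\alice\Pictures\1.jpg.id[9ECFA84E-3511].[backmydata@skiff.com].backmydata",
    r"C:\Users\alice\Pictures\2.png.id[9ECFA84E-3511].[backmydata@skiff.com].backmydata",
    r"C:\Users\alice\Pictures\info.txt",
    r"C:\Users\alice\Desktop\info.hta",
    r"C:\Users\alice\Documents\report.id[draft].docx",  # benign look-alike
    r"C:\Share\notes.backmydata",                       # extension only, no ID block
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

Because "info.txt" is a common benign file name, a note hit is only meaningful in a folder tree that also contains renamed files.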

The ransom note communicates to the victim that their network has been breached, leading to file encryption. It emphasizes the severity of the situation by detailing the theft of sensitive data, encompassing information related to employees, customers, partners, and internal company documentation. The note asserts that all data will remain inaccessible until a ransom is paid.

In the event of unsuccessful negotiations, the note issues a threat to sell the compromised data and outlines potential repercussions, including legal actions, financial losses, and irreversible harm to the victim's reputation.

The attackers propose a discounted ransom if contacted within a specific timeframe, providing instructions for communication through a designated messaging platform (Session) and email address (backmydata@skiff.com).

Furthermore, the note underscores the importance of adhering to strict rules to prevent damage to the encrypted files and warns against involving third parties or using unauthorized decryption tools.

BackMyData Ransom Note in Full

The complete text of the longer BackMyData ransom note reads as follows:

ATTENTION

Your network is hacked and files are encrypted.
Including the encrypted data we also downloaded other confidential information:
Data of your employees, customers, partners, as well as accounting and
other internal documentation of your company.

All data is stored until you will pay.
After payment we will provide you the programs for decryption and we will delete your data
We dont want did something bad to your company, it is just bussines (Our reputation is our money!)
If you refuse to negotiate with us (for any reason) all your data will be put up for sale.

What you will face if your data gets on the black market:
1) The personal information of your employees and customers may be used to obtain a loan or
purchases in online stores.
2) You may be sued by clients of your company for leaking information that was confidential.
3) After other hackers obtain personal data about your employees, social engineering will be
applied to your company and subsequent attacks will only intensify.
4) Bank details and passports can be used to create bank accounts and online wallets through
which criminal money will be laundered.
5) You will forever lose the reputation.
6) You will be subject to huge fines from the government.
You can learn more about liability for data loss here:
hxxps://en.wikipedia.org/wiki/General_Data_Protection_Regulation
hxxps://gdpr-info.eu/
Courts, fines and the inability to use important files will lead you to huge losses.
The consequences of this will be irreversible for you.
Contacting the police will not save you from these consequences, and lost data,
will only make your situation worse.

IF YOU WILL CONTACT US IN FIRST 6 hours , and we close our deal in 24 hours , PRICE WILL BE ONLY 30%.
(time is money for both of us , if you will take care about our time , we will do same , we will care of price and decryption process will be done VERY FAST)
ALL DOWNLOADED DATA WILL BE DELETED after payment.

You can get out of this situation with minimal losses (Our reputation is our money!) !!!
To do this you must strictly observe the following rules:
DO NOT Modify, DO NOT rename, DO NOT copy, DO NOT move any files.
Such actions may DAMAGE them and decryption will be impossible.
DO NOT use any third party or public decryption software, it may also DAMAGE files.
DO NOT Shutdown or Reboot the system this may DAMAGE files.
DO NOT hire any third party negotiators (recovery/police, etc.)
You need to contact us as soon as possible and start negotiations.

You can send us 1-2 small data not value files for test , we will decrypt it and send it to you back.
After payment we need no more that 2 hours to decrypt all of your data. We will be support you untill fully decryption going to be done! ! !
(Our reputation is our money!)

Instructions for contacting our team:
Download the (Session) messenger (hxxps://getsession.org) in messenger 05947063ab6603c0e3a12db53d93d23634081c56390ff2084d11977820f78ce877

MAIL:backmydata@skiff.com

How Can Ransomware Similar to BackMyData Infect Your System?

Ransomware, like BackMyData, can infect a system through various means, and it often relies on deceptive tactics to infiltrate and encrypt files. Here are some common methods used by ransomware to infect systems:

Phishing Emails: Cybercriminals may send phishing emails containing malicious attachments or links. These emails often mimic legitimate communications and may appear to be from trusted sources. Once the recipient opens the attachment or clicks on the link, the ransomware is executed, infecting the system.

Malicious Websites: Visiting compromised or malicious websites can expose your system to ransomware. Drive-by downloads and exploit kits on such sites can exploit vulnerabilities in your web browser or plugins, leading to the installation of ransomware.

Malvertising: Cybercriminals may use malicious advertisements (malvertising) to spread ransomware. These ads may be displayed on legitimate websites and can lead users to malicious sites or trigger downloads when clicked.

Exploiting Software Vulnerabilities: Ransomware can exploit vulnerabilities in operating systems, software, or applications. It's crucial to keep your software up-to-date with the latest security patches to minimize the risk of exploitation.

Infected External Devices: Ransomware can spread through infected external devices like USB drives or external hard disks. Plugging in an infected device to your system can introduce the ransomware.

February 15, 2024