Backoff Ransomware Changes System Wallpaper


Our research team identified the Backoff ransomware during an examination of new file samples. This malicious software is part of the Chaos ransomware family, a type of malware known for encrypting data and demanding ransoms for decryption.

Backoff encrypts files and appends a ".backoff" extension to their names. For instance, an original file named "1.jpg" becomes "1.jpg.backoff," "2.png" becomes "2.png.backoff," and so forth. Additionally, the ransomware replaces the desktop wallpaper and drops a ransom note named "read_it.txt."

According to Backoff's message, the ransomware was purportedly released for testing purposes. Notably, the note lacks instructions for decryption or ransom payment but provides contact information for the attackers. The note suggests that the ransomware author knows the ransomware will be examined inside a test bed system, so this is likely a very early version that is still under active development.
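The two artifacts described above, the ".backoff" suffix appended after the original extension and the "read_it.txt" note, are enough to build a simple, read-only triage scan. The script below is an added example, not code from the original article or from the ransomware itself; the sample paths it ships with are constructed for illustration, and it assumes the naming behaviour reported above.

```python
"""Read-only triage for Backoff (Chaos-family) ransomware indicators.

Added example, not part of the original article. Assumes the behaviour the
article reports: encrypted files gain a ".backoff" suffix after their original
extension ("1.jpg" -> "1.jpg.backoff") and a note named "read_it.txt" is dropped.
Nothing is decrypted or modified; the goal is to inventory what was touched.
"""
import os
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Set, Tuple

ENCRYPTED_SUFFIX = ".backoff"      # suffix appended by Backoff
RANSOM_NOTE_NAME = "read_it.txt"   # ransom note file name

# Constructed sample paths (not real victim data) used when run stand-alone.
SAMPLE_PATHS = [
    "/home/user/Pictures/1.jpg.backoff",
    "/home/user/Pictures/2.png.backoff",
    "/home/user/Pictures/read_it.txt",
    "/home/user/Documents/notes.docx",
]

@dataclass
class BackoffFindings:
    encrypted: List[Tuple[str, str]] = field(default_factory=list)  # (path, original name)
    notes: List[str] = field(default_factory=list)                  # ransom note paths
    directories: Set[str] = field(default_factory=set)              # dirs with any indicator

def original_name(name: str) -> Optional[str]:
    """Recover the pre-encryption file name from a ".backoff" name, else None."""
    if not name.lower().endswith(ENCRYPTED_SUFFIX):
        return None
    return name[: -len(ENCRYPTED_SUFFIX)]

def classify_paths(paths: Iterable[str]) -> BackoffFindings:
    """Sort a list of file paths into Backoff indicators; pure function, no I/O."""
    findings = BackoffFindings()
    for path in paths:
        dirpath, name = os.path.split(path)
        if name.lower() == RANSOM_NOTE_NAME:
            findings.notes.append(path)
            findings.directories.add(dirpath)
        elif (orig := original_name(name)) is not None:
            findings.encrypted.append((path, orig))
            findings.directories.add(dirpath)
    return findings

def scan_for_backoff(root: str) -> BackoffFindings:
    """Walk a directory tree and classify every regular file found."""
    return classify_paths(os.path.join(dp, n) for dp, _, files in os.walk(root) for n in files)

def is_likely_infected(findings: BackoffFindings) -> bool:
    """Renamed files plus a ransom note together are strong evidence; either alone is weak."""
    return bool(findings.notes) and bool(findings.encrypted)

if __name__ == "__main__":
    f = classify_paths(SAMPLE_PATHS)
    print(f"{len(f.encrypted)} encrypted, {len(f.notes)} notes, infected={is_likely_infected(f)}")
```

Point `scan_for_backoff` at a mounted image or a backup snapshot to get the same inventory for a real tree; the list of original names tells you exactly which files need restoring from backup.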

Backoff Ransom Note Keeps it Brief

The full text of the very brief ransom note produced by Backoff reads as follows:

Good Afternoon.
Since you are being a pain and trying to grab my files and be nosey, here is a little treat.

Im testing stuff just as you are.

Care to chat. My tele is
@anontsugumi

How Can Ransomware Propagate Over the Internet?

Ransomware can propagate over the internet through various methods, exploiting vulnerabilities and human behaviors. Here are some common ways:

Phishing Emails: Cybercriminals often use phishing emails to distribute ransomware. These emails contain malicious attachments or links that, when clicked, can download and execute the ransomware on the victim's system.

Malicious Websites and Downloads: Visiting compromised or malicious websites can expose users to drive-by downloads, where malware, including ransomware, is automatically downloaded and executed on the user's computer without their knowledge.

Exploit Kits: Cybercriminals may utilize exploit kits that target vulnerabilities in software and operating systems. If a user's system is not properly patched or updated, these kits can exploit vulnerabilities to install ransomware.

Malvertising: Malicious advertising, or malvertising, involves placing malicious code in online advertisements. Users who click on these ads may unknowingly download ransomware onto their systems.

Drive-by Downloads: Ransomware can be delivered through drive-by downloads, where malware is automatically downloaded and installed when a user visits a compromised or malicious website. This can happen without any action required from the user.

Remote Desktop Protocol (RDP) Exploits: Attackers may exploit vulnerabilities in Remote Desktop Protocol (RDP) to gain unauthorized access to a system. Once inside, they can deploy ransomware.

Social Engineering: Cybercriminals use social engineering techniques to trick individuals into downloading malicious files or clicking on links. This can be through fake software updates, false notifications, or enticing offers.

Watering Hole Attacks: In watering hole attacks, cybercriminals compromise websites that are frequently visited by the target audience. When users visit these compromised sites, they may unknowingly download ransomware.

January 24, 2024
