Bhgr Ransomware Will Lock Your Computer
During our analysis of malware samples, we encountered Bhgr, a member of the Djvu ransomware family. Bhgr operates by encrypting files on the compromised system and modifying their filenames with the ".bhgr" extension. A ransom note named "_readme.txt" is also generated by Bhgr.
To illustrate the renaming process, Bhgr alters filenames like "1.jpg" to "1.jpg.bhgr" and "2.png" to "2.png.bhgr". It's crucial to note that Djvu ransomware variants often come bundled with information stealers such as Vidar and RedLine.
The ransom note provides two email addresses (support@freshmail.top and datarestorehelp@airmail.cc) and instructs victims to contact the attackers within 72 hours to prevent an increase in the ransom amount. Initially, the demanded payment stands at $490. However, failure to comply within the specified timeframe will result in the ransom escalating to $980 for the decryption tools.
Furthermore, the ransom note emphasizes that the encrypted files cannot be recovered without purchasing the decryption software and a unique key from the attackers. While a free decryption offer is mentioned for a single file, it explicitly states that the file should not contain crucial information.
Bhgr Ransom Note Ramps Up Ransom Demand in Three Days
The full text of the Bhgr ransom note reads as follows:
ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-vKvLYNOV9o
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
support@freshmail.topReserve e-mail address to contact us:
datarestorehelp@airmail.ccYour personal ID:
How is Ransomware Like Bhgr Distributed Online?
Ransomware like Bhgr is typically distributed online through various methods. Here are some common distribution techniques used by cybercriminals:
- Email Attachments: One common method is through malicious email attachments. Attackers send phishing emails that appear legitimate and often contain attachments, such as documents or compressed files, that are infected with the ransomware. When users unknowingly open or download these attachments, the ransomware gets executed on their systems.
- Malicious Links: Another method is through the use of malicious links. Cybercriminals may send emails or create fake websites that contain links to download or access seemingly harmless files or software. However, clicking on these links leads to the download and execution of the ransomware on the victim's device.
- Exploit Kits: Exploit kits are malicious software packages that target vulnerabilities in commonly used software, such as web browsers or plugins. By visiting compromised or malicious websites, users can unknowingly trigger the exploit kit, which then delivers and installs the ransomware onto their systems.
- Malvertising: Malvertising involves injecting malicious code into legitimate online advertisements. When users click on these compromised ads, they are redirected to websites that host exploit kits or directly download ransomware onto their devices.
- Remote Desktop Protocol (RDP) Attacks: Ransomware distributors may also target vulnerable Remote Desktop Protocol connections. They exploit weak or default login credentials to gain unauthorized access to a system, where they then deploy the ransomware.
- Software Vulnerabilities: Exploiting vulnerabilities in software is another way ransomware can be distributed. Cybercriminals take advantage of unpatched or outdated software with known vulnerabilities to gain entry to systems and deploy the ransomware.
- Drive-by Downloads: Drive-by downloads occur when users visit compromised or malicious websites that automatically download and execute the ransomware onto their systems without any user interaction or consent.
It's important for users to exercise caution when opening email attachments, clicking on links, visiting websites, and keeping their software up to date with the latest security patches to minimize the risk of ransomware infections. Additionally, maintaining regular backups of important files and implementing robust security measures can help protect against ransomware threats.
