Bl00dyAdmin Ransomware Threatens Data Leaks

While analyzing new malware samples, we identified a ransomware variant referred to as Bl00dyAdmin. It encrypts data and renames each encrypted file by appending the ".CRYPT" extension. It also drops a ransom note named "Read_instructions_To_Decrypt.txt" containing instructions for making the ransom payment.

Bl00dyAdmin's renaming pattern is straightforward: "1.jpg" becomes "1.jpg.CRYPT," "2.png" becomes "2.png.CRYPT," and so on. The ransom note claims that all files on the organization's servers and connected devices have been encrypted as a sign of a breach or network intrusion, and presents the purchase of the attackers' decryption software as the only way to recover them. The ransom amount is not stated in the note; instead, victims are told to contact the attackers for the price, which is said to increase by $1000 every 24 hours, with a 72-hour window for payment.

The note provides two contact channels: an email address (bl00dyadmin@dnmx.org) and the Tox chat application. It offers to decrypt three files free of charge to demonstrate that the decryption software works. It also threatens consequences for non-payment, most notably the public release of data the attackers claim to have stolen from the network, which marks this as a double-extortion operation.
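The two file-system artifacts described above (the ".CRYPT" suffix and the dropped note) are enough to build a simple host-side sweep. The following is an added example written for this page, not code from the original analysis: it walks a directory tree, collects renamed files and any ransom note whose contents match the markers quoted later in this page, and recovers the original file names. The sample directory it scans is constructed inline.

```python
import os
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

# Indicators taken from the Bl00dyAdmin description on this page.
CRYPT_EXT = ".CRYPT"
NOTE_NAME = "Read_instructions_To_Decrypt.txt"
NOTE_MARKERS = ("bl00dyadmin@dnmx.org", "universal decryption software")


@dataclass
class ScanResult:
    encrypted_files: list = field(default_factory=list)
    ransom_notes: list = field(default_factory=list)

    @property
    def is_hit(self) -> bool:
        return bool(self.encrypted_files or self.ransom_notes)


def is_bl00dyadmin_note(path: Path) -> bool:
    """True if the file carries one of the known ransom-note strings."""
    try:
        text = path.read_text(errors="ignore").lower()
    except OSError:
        return False
    return any(marker in text for marker in NOTE_MARKERS)


def original_name(encrypted: Path) -> str:
    """'1.jpg.CRYPT' -> '1.jpg'; names without the suffix are returned unchanged."""
    name = encrypted.name
    return name[:-len(CRYPT_EXT)] if name.upper().endswith(CRYPT_EXT) else name


def scan_tree(root) -> ScanResult:
    """Collect .CRYPT files and matching ransom notes under root (recursive)."""
    result = ScanResult()
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if name.upper().endswith(CRYPT_EXT):
                result.encrypted_files.append(path)
            elif name == NOTE_NAME and is_bl00dyadmin_note(path):
                result.ransom_notes.append(path)
    return result


def demo() -> dict:
    """Constructed sample tree (not real infection data); returns scan summary."""
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp) / "share"
        share.mkdir()
        (share / "1.jpg.CRYPT").write_bytes(b"\x00" * 16)
        (share / "2.png.CRYPT").write_bytes(b"\x00" * 16)
        (share / "notes.txt").write_text("untouched file")
        (share / NOTE_NAME).write_text("Contact on this email: bl00dyadmin@dnmx.org")
        res = scan_tree(tmp)
        return {"hit": res.is_hit, "encrypted": len(res.encrypted_files),
                "notes": len(res.ransom_notes),
                "originals": sorted(original_name(p) for p in res.encrypted_files)}


if __name__ == "__main__":
    print(demo())
```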

Bl00dyAdmin Ransom Note in Full

The complete text of the Bl00dyAdmin ransom note reads as follows:

Hello
We are a team of high-level competent team of Pentesters but NOT a THREAT to your reputable organization
We secure networks of companies to avoid complete destruction and damages to companies
We encrypted all files on Your servers to show sign of breach / network intrusion
To resolve this Continue reading !!!!

ALL files oN Your Entire Network Servers and Connected Devices are Encrypted.
Means , Files are modified and are not usable at the moment.
Don't Panic !!!
All Encrypted files can be reversed to original form and become usable .
This is Only Possible if you buy the universal Decryption software from me.
Price for universal Decryption Software : $ Contact us either through email or tox chat app for the ransom price $
You Have 72 hours To Make Payment As Price of Universal Decryption software increases by $1000 dollars every 24 hours.
Contact on this email: bl00dyadmin@dnmx.org
copy email address and write message to bl00dyadmin@dnmx.org
You can write me on tox:
Download tox app from hxxps://tox.chat
Create new Account ..
Send me friend request using my tox id:
E5BBFAD2DB3FB497EA03612B2428F927FD8 A9B3333D524FD51D43B029B7870571CEB0166CB03
copy and paste it as it is
Before You Pay me … I will Decrypt 3 files for free To proof the universal Decryption software works
Failure to Pay Me :
Kindly RESPECT my Rules
Note: Huge amounts of Data / documents has been stolen from your Network servers and will be published online for free
I have stolen All Your Databases ; DAta on your shared drives ; AD users Emails(Good for Spam) ;
i have stolen huge amount of critical data from your servers

I keep the breach private only if your cooperate

How Can Ransomware Infect Your System?

Ransomware can reach a system through several delivery channels, and attackers frequently combine them. The most common entry points are:

Phishing Emails: Attackers often use phishing emails to deliver ransomware. These emails may contain malicious attachments or links that, when clicked, initiate the download and execution of the ransomware. The emails may appear legitimate, often impersonating reputable entities, and may contain urgent or enticing messages to prompt the recipient to take action.

Malicious Websites: Visiting compromised or malicious websites can expose a system to ransomware. This can occur through drive-by downloads or by enticing users to click on seemingly harmless content that actually carries malicious payloads.

Malvertising: Cybercriminals may abuse online advertising networks to serve malicious ads. Users who click on these ads may unknowingly download ransomware onto their systems.

Exploiting Software Vulnerabilities: Ransomware operators actively look for unpatched weaknesses in operating systems, applications, and network-facing services. A system that is not kept current with security patches remains exposed to these attacks.

Remote Desktop Protocol (RDP) Attacks: If Remote Desktop Services are exposed to the internet, misconfigured, or protected by weak credentials, attackers may brute-force or otherwise obtain access. Once inside, they can move through the network and deploy ransomware on the compromised systems.

Drive-by Downloads: Ransomware can be delivered through drive-by downloads, where malicious code is automatically downloaded and executed when a user visits a compromised or malicious website, often without any user interaction or awareness.

Infected Software Installers: Cybercriminals may compromise legitimate software installers, injecting ransomware into them. Users who unknowingly download and install these infected applications may inadvertently introduce ransomware onto their systems.

February 27, 2024
