Remove PayloadBIN Ransomware

The Evil Corp hackers have unleashed yet another ransomware family, which targets various companies and enterprises around the world. This cybercrime group has ties to the Dridex Trojan, and it is also behind some of the most notable ransomware families to be seen in the past year – WastedLocker, Hades, and Phoenix. The recent release of the PayloadBIN Ransomware caught the attention of malware researchers immediately, and the threat was found to be a variant of the Babuk Locker family. Unfortunately, victims of the threat will not have access to a free decryption tool, and it might be impossible for them to recover their data unless they have access to a backup.

The exact method of propagation that the PayloadBIN Ransomware uses is not yet known, but it is clear that its encryption is very secure. The ransomware applies the '.PAYLOADBIN' extension to locked files and then drops the 'PAYLOADBIN-README.txt' ransom note.

The criminals use a unique email address for each of their victims, which shows that their approach is quite sophisticated: they deploy the PayloadBIN Ransomware manually after compromising the victim's system or network by exploiting vulnerabilities.

Victims of the PayloadBIN Ransomware should not accept the criminals' offer, because it is unlikely that they will receive a decryptor in return. It is recommended to remove the threat with antivirus software and then restore data from a backup or by using alternative data recovery tools and options.
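Before restoring from backup, it helps to know which directories were hit and which files need to be recovered. The Python script below is an added example, not part of the original article: it walks a directory tree looking for the '.PAYLOADBIN' extension and the 'PAYLOADBIN-README.txt' note named above. It assumes the extension is appended to the original file name and that file modification times were left intact; the sample tree it builds is constructed.

```python
import os
import tempfile

ENCRYPTED_EXT = ".payloadbin"          # extension named in the article
RANSOM_NOTE = "payloadbin-readme.txt"  # ransom note named in the article

def scope_impact(root):
    """Summarise PayloadBIN artefacts per directory under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        entry = {"restore": [], "note": False, "first_seen": None}
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                entry["note"] = True
            elif lower.endswith(ENCRYPTED_EXT):
                # Assumption: the extension is appended to the original name.
                entry["restore"].append(name[: -len(ENCRYPTED_EXT)])
                mtime = os.path.getmtime(os.path.join(dirpath, name))
                if entry["first_seen"] is None or mtime < entry["first_seen"]:
                    entry["first_seen"] = mtime
        if entry["note"] or entry["restore"]:
            entry["restore"].sort()
            report[os.path.relpath(dirpath, root)] = entry
    return report

def earliest_encryption(report):
    """Oldest mtime of any encrypted file; pick a backup taken before it."""
    times = [e["first_seen"] for e in report.values() if e["first_seen"] is not None]
    return min(times) if times else None

def build_sample_tree(root):
    """Constructed sample data: empty files named like the artefacts."""
    layout = {
        "finance": ["q1.xlsx.PAYLOADBIN", "q2.xlsx.PAYLOADBIN", "PAYLOADBIN-README.txt"],
        "hr": ["staff.docx.PAYLOADBIN"], "public": ["index.html"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for n in names:
            open(os.path.join(root, sub, n), "w").close()
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        rep = scope_impact(build_sample_tree(tmp))
        for d, e in sorted(rep.items()):
            print(d, e["restore"], "note:", e["note"])
        print("earliest encrypted mtime (epoch):", earliest_encryption(rep))
```

The per-directory `restore` lists give the original file names to pull from backup, and directories with encrypted files but no note may indicate an interrupted run.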

June 8, 2021
