Bepabepababy Ransomware Threatens to Leak Victims’ Data Online

A new variant of the infamous GlobeImposter ransomware has popped up on the malware scene. Called Bepabepababy, the newest member of the vicious ransomware family is designed to wreak havoc and extort payments from its innocent victims.

Upon infiltrating a device, Bepabepababy scans the system for user-generated files. The virus targets files that could contain valuable information, such as databases, presentations, documents, and archives.

Bepabepababy will follow a simple renaming pattern. It will keep the original file name and extension, but it will also append its operators' email address, including it in the file name. For example, an archive called "Invoice.rar" will be renamed to "Invoice.rar.bepabepababy1@protonmail.com."

Ransom demands

Upon completing the encryption operation, Bepabepababy will create an HTML file called "how_to_back_files.html," which contains a ransom-demanding message.

Ransom Note Text:

“YOUR PERSONAL ID---

ENGLISH

YOUR FILES ARE ENCRYPTED!

ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED.

Don't worry, you can return all your files! All your files like photos, databases, documents, and other important are encrypted with the strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files.

To recover data you need a decryptor.

To get the decryptor you should:

  • Register an email to protonmail.com or cock.li (do not waste time sending letters from your standard email address, they will all be blocked).
  • Send an email from your new email address to: bepabepababy1@protonmail.com with your personal ID.
  • In response, we will send you further instructions on decrypting your files.

Attention!

  • It is in your interest to respond as soon as possible to ensure the recovery of your files, because we will not store your decryption keys on our server for a long time.
  • check the folder "Spam" when waiting for an email from us.

we gathered highly confidential/persornal data. thses data are currently stored on a private sever. this server will be immediately destroyed after your payment. we only seek money and do not want to damage your reputation. if you decide to not pay, we will release this data to public or re-seller.

If we do not respond to your message for more than 48 hours, write to the backup email : moscownight123@airmail.cc”

Bepabepababy's ransom note informs the victim that their data is not permanently lost and that a decryption tool is available for a price.

However, instead of naming the decryption price, Bepabepababy instructs the victim to create a Protonmail account. Victims are told to use their new email account to contact the threat operators via either the bepabepababy1@protonmail.com or moscownight123@airmail.cc email address.

Victims are cautioned not to waste time because the only decryption key capable of recovering their files will be stored on the criminals' server for a limited time.

Additionally, victims are warned that their data will be leaked online if they refuse to pay. The note, however, doesn't specify where the stolen data will be published.
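
The two on-disk indicators described above (the operators' email address appended to file names, and the "how_to_back_files.html" note) can be used to scope which folders were hit before any restore is attempted. The following Python code is an added example, not part of the original article; the function names, the sample paths and the case-insensitive matching are assumptions.

```python
import os
from collections import defaultdict

# Indicators taken from the article text.
RENAME_SUFFIX = ".bepabepababy1@protonmail.com"
RANSOM_NOTE = "how_to_back_files.html"


def triage(paths):
    """Group affected files by directory from an iterable of file paths.

    Returns {directory: {"note": bool, "renamed": [(current, original), ...]}}.
    Directories with no indicator at all are left out of the result.
    """
    report = defaultdict(lambda: {"note": False, "renamed": []})
    for path in paths:
        # Normalise Windows separators so listings from either OS work.
        directory, _, name = path.replace("\\", "/").rpartition("/")
        lower = name.lower()  # assumption: match case-insensitively
        if lower == RANSOM_NOTE:
            report[directory]["note"] = True
        elif lower.endswith(RENAME_SUFFIX) and len(name) > len(RENAME_SUFFIX):
            # Stripping the appended address gives back the original name.
            original = name[: -len(RENAME_SUFFIX)]
            report[directory]["renamed"].append((name, original))
    return dict(report)


def walk(root):
    """Yield every file path under root (read-only; nothing is modified)."""
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            yield os.path.join(dirpath, filename)


# Constructed sample listing (not from a real incident).
SAMPLE = [
    "C:\\Users\\a\\Documents\\Invoice.rar.bepabepababy1@protonmail.com",
    "C:\\Users\\a\\Documents\\how_to_back_files.html",
    "C:\\Users\\a\\Documents\\notes.txt",
    "C:\\Users\\a\\Pictures\\cat.jpg.BEPABEPABABY1@protonmail.com",
]

if __name__ == "__main__":
    for directory, info in sorted(triage(SAMPLE).items()):
        print(directory, "| ransom note present:", info["note"])
        for current, original in info["renamed"]:
            print("   ", current, "->", original)
```

To run it against a mounted disk image or a quarantined copy instead of the sample list, pass `walk("/path/to/mount")` to `triage`.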

Decryption

Sadly, there are no alternative decryption tools for Bepabepababy ransomware. However, experts recommend against engaging with the threat operators.

Victims are warned that they are dealing with experienced manipulators who know how to lure their victims into doing things best avoided. 

Ransomware operators often ignore their victims once the ransom is paid. Furthermore, these individuals usually "rent" ransomware services from other criminals. The threat operators usually lack the technical skills to help their victims when an issue pops up.

Victims can use backups stored on external devices to recover their files. Of course, the ransomware must be removed before any external device is connected to the host machine. Otherwise, Bepabepababy will spread its corruption to the backup device and corrupt the data saved on it.

Distribution

Although many ransomware threats are deployed in targeted attacks, Bepabepababy relies on classic distribution tricks. The ransomware uses emails, corrupted links, fake updates, and malicious installers. In rarer cases, trojan horses could also drop the threat as second-stage malware.

Experts explain that most cyber infections are caused by no one else but the victims themselves. Criminals lay various traps and wait for naive users to fall into them. The good news is that good cyber hygiene can prevent these tricksters from succeeding.

Reactionary Times News Desk
