If your files now carry the .bbii extension, it implies that the computer is infected with a ransomware from the DJVU malware family. Although this Bbii ransomware is able to conceal itself on the computer, some anti-virus applications can detect it as Dropper, InstaBot, Tofsee, Kryptik, Malpack, and Glupteba. It can enter a random target computer in a variety of ways and, once it penetrates successfully, Bbii ransomware attacks the majority of files by encrypting them with a complex algorithm.

How Bbii ransomware spreads

As stated, the actors behind this virus employ different tactics when spreading the malicious code. Primarily they use phishing emails to distribute copies of Bbii ransomware to scores of recipients. These attackers hold huge lists of email addresses gathered from previous malware attacks or acquired from an underground data market. To trick email users and avoid suspicion, the email is disguised as a valid letter from a prominent organization. The subject consists almost entirely of business phrases, including shipping details, payment, parcel delivery, bank account, tax, salary, and so on. Likewise, the attached file masquerades as a legitimate document when in fact it is the executable of Bbii ransomware. Thus, opening the said email attachment will launch the Bbii virus.

Aside from emails, Bbii ransomware also infiltrates the computer through brute force, exploiting the vulnerability on RDP. Then, it escalates its privileges on the system by further exploiting local software weaknesses. Trend Micro analysis states that this ransomware variant is able to harvest the user's credentials and deploy Cobalt Strike to control the environment. It then makes copies of data from network servers and shared directories, and compresses them before moving them to a designated location.

During the file encryption stage, Bbii ransomware contacts a command-and-control (C&C) server to receive commands. A public key is also obtained from the remote server, and the virus uses it while encrypting target files like documents, photos, images, videos, zip files, and so on. Though the cipher action alone is enough to make the files inaccessible, the virus still appends the .bbii file extension to serve as a marker that the data is encrypted. As a result, an ordinary file such as word.doc is renamed with .bbii appended to its name. At the last part of the attack, Bbii ransomware generates a text file readme.txt containing instructions and details for communicating with the attackers in order to obtain the decryption software. Aside from permanent file encryption, the attackers threaten victims that they will expose the collected confidential data to the public if no ransom money is received within the stated period.
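The two on-disk artifacts described above, the appended .bbii marker and the dropped readme.txt note, are what a responder looks for first when triaging a suspect machine. The following Python script is an added example and is not part of the original post or any vendor tool; it walks a directory tree, separates files carrying the marker from untouched ones, maps each renamed file back to its original name, counts affected files per folder, and records where notes were dropped. The sample tree it builds in a temporary directory is constructed for the demonstration, and the note body is placeholder text, not the real ransom note.

```python
"""Triage a directory tree for the on-disk markers of a Bbii infection:
files renamed with the .bbii extension and a readme.txt ransom note."""
import os
import tempfile
from collections import Counter
from dataclasses import dataclass, field

# Marker extension and note filename as stated in the post. Other DJVU
# variants use different extensions, so both are parameters of triage().
MARKER_EXT = ".bbii"
NOTE_NAME = "readme.txt"


@dataclass
class TriageResult:
    encrypted_files: list = field(default_factory=list)     # paths ending in the marker
    ransom_notes: list = field(default_factory=list)        # paths of dropped notes
    per_directory: Counter = field(default_factory=Counter)  # marker files per folder
    marker_ext: str = MARKER_EXT

    def original_name(self, path):
        """Strip the appended marker so word.doc.bbii maps back to word.doc."""
        if path.lower().endswith(self.marker_ext):
            return path[:-len(self.marker_ext)]
        return path

    def affected_directories(self):
        """Folders that contain at least one marker file, sorted for reporting."""
        return sorted(self.per_directory)

    def is_likely_infected(self):
        """Both artifacts together are a strong signal; either alone is weaker."""
        return bool(self.encrypted_files) and bool(self.ransom_notes)


def triage(root, marker_ext=MARKER_EXT, note_name=NOTE_NAME):
    """Walk root and collect marker files and ransom notes without opening them."""
    result = TriageResult(marker_ext=marker_ext.lower())
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            lowered = name.lower()
            if lowered.endswith(result.marker_ext):
                result.encrypted_files.append(full)
                result.per_directory[dirpath] += 1
            elif lowered == note_name.lower():
                result.ransom_notes.append(full)
    return result


def build_sample_tree():
    """Constructed sample tree (not real victim data): two documents renamed
    with the marker, one untouched file, and a placeholder note in the folder."""
    root = tempfile.mkdtemp(prefix="bbii_triage_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    samples = [
        ("word.doc.bbii", b"\x00constructed opaque ciphertext\x00"),
        ("photo.jpg.bbii", b"\x00constructed opaque ciphertext\x00"),
        ("notes.txt", b"plain text that the sample leaves untouched"),
        ("readme.txt", b"placeholder note body, not the real ransom note"),
    ]
    for name, body in samples:
        with open(os.path.join(docs, name), "wb") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    report = triage(build_sample_tree())
    for path in report.encrypted_files:
        print("encrypted:", path, "-> original:", os.path.basename(report.original_name(path)))
    print("ransom notes found:", len(report.ransom_notes))
    print("likely infected:", report.is_likely_infected())
```

The extension match is a triage heuristic, not proof: a file can be renamed without being encrypted, and later DJVU variants change the marker, which is why the extension and note name are parameters rather than hard-coded. The script deliberately never reads the encrypted files or executes anything from the tree, so it is safe to run against a mounted image of a suspect disk.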