The BadEncript Ransomware is a threatening application that, judging by its flaws and limited functionality, may be an unfinished product. Malware researchers came across the sample of the BadEncript Ransomware when it was uploaded to an independent online virus scan service, and it is very likely that the uploader was the author himself. The analyzed sample does feature a working encryption algorithm, but it has one major flaw: it does not store the decryption key anywhere. This means that the decryption key is only present in the computer’s memory, and it will be purged from there as soon as the BadEncript Ransomware’s process is terminated. Although it is very unlikely that the BadEncript Ransomware is being actively distributed, if by any chance some of our readers get infected with this crypto-threat, they must not shut down or restart their computers under any circumstances, since this may significantly reduce their chances of fully recovering their data.
When the BadEncript Ransomware successfully penetrates a computer’s defenses, it encrypts the user’s files, generates a ransom note, and purges the Shadow Volume Copies, thereby reducing the victim’s chances of restoring their files via third-party data recovery software. Every file that the BadEncript Ransomware encrypts will have the extension ‘.bript’ appended to its name (e.g. ‘music.mp3’ will become ‘music.mp3.bript’). The ransom note that the BadEncript Ransomware uses to inform its victims what they need to do to get their files back can be found in the file ‘more.html’, which should be placed on the desktop once the encryption routine has been completed.
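The two file-system indicators described above (the ‘.bript’ extension and the ‘more.html’ note) can be inventoried without modifying anything on disk. The following read-only triage script is an added example, not code from the article or from the malware; the function names and the assumption that the desktop folder is ‘Desktop’ under the scanned root are illustrative, and the sample tree in demo() is constructed.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".bript"  # extension the article says is appended
NOTE_NAME = "more.html"      # ransom note name the article gives


def triage(root, desktop=None):
    """Read-only inventory of files matching the article's two indicators."""
    root = Path(root)
    desktop = Path(desktop) if desktop else root / "Desktop"  # assumed location
    encrypted = []
    for dirpath, _dirs, files in os.walk(root):
        present = set(files)
        for name in sorted(files):
            stem = name[: -len(ENCRYPTED_SUFFIX)]
            if not name.lower().endswith(ENCRYPTED_SUFFIX) or not stem:
                continue
            encrypted.append({
                "path": str(Path(dirpath) / name),
                "original_name": stem,  # music.mp3.bript -> music.mp3
                "original_still_present": stem in present,
            })
    return {
        "encrypted": encrypted,
        # The article says the note appears once encryption has completed.
        "note_present": (desktop / NOTE_NAME).is_file(),
    }


def demo():
    """Build a constructed sample tree and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "Desktop").mkdir()
        (base / "Music").mkdir()
        (base / "Desktop" / NOTE_NAME).write_text("<html>constructed note</html>")
        (base / "Music" / "music.mp3.bript").write_bytes(b"\x00" * 16)
        (base / "Music" / "notes.txt").write_text("untouched")
        (base / "Music" / "notes.txt.bript").write_bytes(b"\x00" * 16)
        return triage(base)


if __name__ == "__main__":
    report = demo()
    for item in report["encrypted"]:
        print(item["original_name"], item["original_still_present"])
    print("ransom note on desktop:", report["note_present"])
```

The script only lists and stats files, so running it does not terminate any process or touch the memory where the key resides.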
The BadEncript Ransomware’s Authors are Unable to Restore Your Files
The ransom note is rather short, and just like the crypto-threat, it also looks unfinished. The first line tells victims that they need to pay a ransom fee by sending Bitcoins to the wallet address seen in the message. However, the authors of the BadEncript Ransomware don’t state how much money the users should send, nor do they provide them with any contact information. In addition to this, the attackers assure the victim that their files will be unlocked automatically once the money has been sent, but the BadEncript Ransomware is unable to do this. This means that any money sent to the wallet address found in the BadEncript Ransomware’s note will be lost forever, and the victim is very unlikely to receive decryption instructions. A quick check shows that the wallet address used by the BadEncript Ransomware’s authors is empty, so the cyber crooks have not yet succeeded in fooling anyone into paying the ransom fee.