A new ransomware threat called BASS-FES has been detected by security specialists. It is yet another ransomware based on the open-source Hidden Tear project. While the goal of Hidden Tear was to educate the public about the dangers of ransomware, malware authors have used its code to create their own ransomware variants. In fact, the executable file for BASS-FES is named ‘hidden-tear.exe.’
The main distribution channel for the BASS-FES Ransomware is spam email carrying an infected executable. The emails may appear to be sent by legitimate organizations in an attempt to trick the user into clicking on fake invoices, bank statements or other important documents. Users should also be careful because BASS-FES can infiltrate their computers through bogus software updates or infected program installers.
Upon installation on the victim’s machine, BASS-FES starts targeting and encrypting the most common file types, such as Microsoft Office and OpenOffice documents, PDFs, photo, audio and video files, as well as databases and archives. The ransomware uses the AES encryption algorithm and appends the ‘.basslock’ file extension to the encrypted files. To restore the user’s files, the cybercrooks demand a payment of 1 bitcoin, worth approximately $8250, to be sent to a bitcoin wallet address, accompanied by an email to ‘[email protected]’. A text file called ‘BASS File Encryption Service Notice.txt’ containing the ransom note will be created on the infected computer’s desktop. The text of the note is:
‘BASS File Encryption System (BASS-FES)
Your files have been successfully encrypted and backed up in the cloud storage by BASS File Encryption System.
If you want to recover your files, please send 1 to the the following The BTC adress:
the if you sent 1 BTC to the adress, email at [email protected] with your Bitcoin adress.’
While it may be tempting to yield to the demands of the cybercrooks, paying them any amount of money is never a good idea. There is no guarantee that the creators of the threat will not simply run away without making any effort to decrypt the user’s files. The best course of action is to remove the ransomware with a trusted anti-malware tool and then try to restore your machine from a previously created backup.
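A triage sketch for the indicators described above (an added example, not part of the original article): it walks a directory tree, lists files carrying the ‘.basslock’ extension together with the original names to look for in a backup, and flags the ransom note and ‘hidden-tear.exe’. The case-insensitive matching is an assumption, and the demo tree consists of constructed, empty sample files.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the article text above.
ENCRYPTED_SUFFIX = ".basslock"
RANSOM_NOTE = "bass file encryption service notice.txt"  # compared lowercased
PAYLOAD_NAME = "hidden-tear.exe"

def scan_tree(root):
    """Walk root and collect BASS-FES filesystem indicators."""
    report = {"encrypted": [], "notes": [], "executables": [], "by_dir": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lowered = name.lower()  # assumption: match names case-insensitively
            if lowered.endswith(ENCRYPTED_SUFFIX):
                # The extension is appended, so stripping it gives the name
                # to look for in a backup.
                original = name[: -len(ENCRYPTED_SUFFIX)]
                report["encrypted"].append((path, original))
                report["by_dir"][dirpath] += 1
            elif lowered == RANSOM_NOTE:
                report["notes"].append(path)
            elif lowered == PAYLOAD_NAME:
                report["executables"].append(path)
    return report

def build_demo_tree(base):
    """Create a constructed sample tree of empty files for an offline run."""
    samples = ["Desktop/BASS File Encryption Service Notice.txt",
               "Documents/report.docx.basslock", "Documents/budget.xlsx.basslock",
               "Pictures/photo.jpg.basslock", "Pictures/clean.png",
               "Downloads/hidden-tear.exe"]
    for rel in samples:
        target = Path(base, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_demo_tree(demo)
        result = scan_tree(demo)
        print("encrypted files:", len(result["encrypted"]))
        for folder, count in result["by_dir"].most_common():
            print(f"  {count:3d}  {folder}")
        print("ransom notes:", result["notes"])
        print("suspect executables:", result["executables"])
```

The per-directory counts show where encryption was concentrated, and the recovered original names give the list of files to pull from backup.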