
Badday Ransomware

Posted: October 2, 2019

The Badday Ransomware is a file-locker Trojan that blocks your files from opening by encrypting them. It belongs to the Globe Imposter Ransomware family, which also imitates some symptoms of the Globe Ransomware; it leaves ransom notes and changes your files' names. Proper use of dedicated anti-malware products can remove the Badday Ransomware or prevent these attacks.

It's Never a Good Day for those Without Backups

The Globe Imposter Ransomware's 2.0 iteration is seeing the bulk of this family's growth in 2019. Members like the Erenahen Ransomware, the DDT Ransomware, the .DOCM Ransomware and the ANAMI Ransomware are mostly mild iterations of one another. Shifts in their ransom notes, extensions, and addresses are their most significant points of individuality. They're also getting a new 'brother': the appropriately-named Badday Ransomware.

The Badday Ransomware includes the traditional, non-consensual encryption routine that is the centerpiece of any Ransomware-as-a-Service family. A secure implementation of AES-256 encryption keeps most digital media files on the compromised system, such as pictures or text, from opening. This version of the family also includes executables (EXEs) in its target list, which can prevent applications from opening too, something that Trojans of this class usually avoid.
Users looking for these locked files can search for the 'badday' extension that the Trojan appends after the original extension (for instance, 'puppy.jpg' becomes 'puppy.jpg.badday'). Besides this minor change, the Badday Ransomware also updates the ransom note, which uses a template similar to that of the Erenahen Ransomware. Although malware experts find that most of the details are intact, the Badday Ransomware's note addresses corporate-level victims, offering a clue as to whom the threat actors are targeting, and how.
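As an added, defender-side example that is not part of the original write-up: a small Python triage script that recognizes the naming pattern described above, recovers the original file names, and counts locked files by their original extension so a responder can see what was hit (for instance, whether EXEs were encrypted). The file listing it runs on is constructed, not taken from a real infection.

```python
import os
from collections import Counter
from pathlib import Path

# Extension the Badday Ransomware appends after the original one (from the write-up).
BADDAY_SUFFIX = ".badday"


def original_name(filename: str):
    """Return the pre-encryption name if `filename` carries the Badday suffix,
    otherwise None. 'puppy.jpg.badday' -> 'puppy.jpg'."""
    if filename.lower().endswith(BADDAY_SUFFIX) and len(filename) > len(BADDAY_SUFFIX):
        return filename[: -len(BADDAY_SUFFIX)]
    return None


def triage(names):
    """Count locked files by their original extension. The family is unusual in
    also encrypting executables, so a non-zero '.exe' count is worth noting."""
    counts = Counter()
    for name in names:
        orig = original_name(name)
        if orig is None:
            continue
        ext = Path(orig).suffix.lower() or "(no extension)"
        counts[ext] += 1
    return counts


def scan_tree(root):
    """Walk a directory tree read-only and triage every file name in it."""
    names = []
    for _dirpath, _dirs, files in os.walk(root):
        names.extend(files)
    return triage(names)


# Constructed sample listing, not from a real infection.
SAMPLE_LISTING = [
    "puppy.jpg.badday",
    "report.docx.badday",
    "setup.exe.badday",
    "notes.txt",  # untouched file
    "archive.tar.gz.badday",
]

if __name__ == "__main__":
    for ext, n in sorted(triage(SAMPLE_LISTING).items()):
        print(f"{ext}: {n} locked file(s)")
```

Point `scan_tree` at a share or user profile to get the same breakdown for a live system; it only reads names and never touches file contents.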

Flipping the Day Over on Its Head

Ransomware-as-a-Service, like the Badday Ransomware's family, offers nearly unlimited variety in how an infection can begin. Despite that flexibility, malware researchers find that most corporate-level attacks fall into specific patterns. Workers should be careful with e-mail, particularly attachments containing macros, which are widely misused for dropping file-locking Trojans. Network administrators also should attend to settings like RDP and open ports, which, if left exposed, can invite a remote attacker inside.

The Globe Imposter 2.0 Ransomware family is not among the few RaaS families that are vulnerable to free decryption. Because the Trojan typically deletes Windows' default backups, users shouldn't depend on local copies for retrieving any media. Instead, maintain regularly-scheduled backups on other devices.

Since nearly all anti-malware vendors flag and delete the Badday Ransomware as a threat, protected Windows users shouldn't be at risk, regardless of other factors. What's bad for law-abiding citizens can be a boon for criminals, and the other way around. Delaying your backup plan might give you more time in a day, but you'll pay for it later, for as long as Trojans like the Badday Ransomware make money.
