BandarChor Ransomware
Posted: September 8, 2015
Threat Level: | 10/10 |
---|---|
Infected PCs: | 87 |
First Seen: | September 8, 2015 |
Last Seen: | July 8, 2021 |
OS(es) Affected: | Windows |
The BandarChor Ransomware is a file encryption Trojan that locks your files to force you to pay for their renewed use. Although the BandarChor Ransomware family's identification dates from mid-2014, its campaigns continue to see activity in the current year, with infection vectors using multiple strategies to target various victims. Malware researchers, as always, recommend the two-pronged approach of anti-malware products for deleting the BandarChor Ransomware and reliable file backups for avoiding any collateral damage from its payload.
The Kind of File Encoding You Want to Avoid
Following along the lines of threats like the CryptPKO Ransomware or the Tox Ransomware, the BandarChor Ransomware is another file encryptor that selects its targets according to their file formats. Unlike the CryptPKO Ransomware, the BandarChor Ransomware doesn't pretend to be a tool of a law enforcement branch or an otherwise legitimate program. Instead, this file encryptor scans for files of specific types, encrypts them, and then demands a ransom to be paid directly to its admins, with no other pretenses behind the tactic.
The BandarChor Ransomware places both its executable file and its (image-based) ransom demand in the Windows startup folder, thereby guaranteeing that both load automatically. The victim's files are targeted for encryption according to their formats, with files such as JPGs and DOCs being especially at risk. A successful encryption will make the file unreadable until it can be decrypted, although malware researchers found the BandarChor Ransomware displaying an inconsistent rate of encryption in some infections. The affected files also are renamed, providing the victim with a visual indicator of the attack, as well as an e-mail address for ransom payment-related communications.
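The two artifacts described above (an executable sitting beside an image in a Startup folder, and batches of files renamed to carry an e-mail address) can be checked for in a file listing. The following triage sketch is an added example, not code from this page or from any vendor tool; the extension lists, the threshold of three files, the sample paths and the assumption that the address appears in the file name itself are all illustrative.

```python
import re
from pathlib import PureWindowsPath

STARTUP_SUFFIX = r"\start menu\programs\startup"  # per-user and all-users folders
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif"}
IMAGE_EXT = {".jpg", ".jpeg", ".png", ".bmp", ".gif"}
# Assumption: the contact address is embedded in each renamed file's name.
EMAIL_IN_NAME = re.compile(r"[\w.%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def triage(paths, min_renamed=3):
    """Return (startup_hits, renamed_hits) for a list of Windows file paths."""
    startup, renamed = {}, {}
    for raw in paths:
        p = PureWindowsPath(raw)
        folder, ext = str(p.parent), p.suffix.lower()
        if folder.lower().endswith(STARTUP_SUFFIX):
            kind = ("exe" if ext in EXECUTABLE_EXT
                    else "image" if ext in IMAGE_EXT else None)
            if kind:
                entry = startup.setdefault(folder, {"exe": [], "image": []})
                entry[kind].append(p.name)
        if EMAIL_IN_NAME.search(p.name):
            renamed.setdefault(folder, []).append(p.name)
    # A Startup folder is flagged only when an executable and an image sit together.
    flagged_startup = {f: v for f, v in startup.items() if v["exe"] and v["image"]}
    # One stray "@" in a name is common; a batch in one folder is not.
    flagged_renamed = {f: n for f, n in renamed.items() if len(n) >= min_renamed}
    return flagged_startup, flagged_renamed

# Constructed sample listing (not taken from a real infection).
USER_STARTUP = r"C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE = [
    USER_STARTUP + r"\updater.exe",
    USER_STARTUP + r"\notice.png",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\backup.lnk",
    r"C:\Users\a\Documents\report.doc.contact@example.invalid",
    r"C:\Users\a\Documents\photo.jpg.contact@example.invalid",
    r"C:\Users\a\Documents\budget.xls.contact@example.invalid",
    r"C:\Users\a\Desktop\notes@home.txt",
]

if __name__ == "__main__":
    startup_hits, renamed_hits = triage(SAMPLE)
    for folder, found in startup_hits.items():
        print("Startup folder holds executable + image:", folder, found)
    for folder, names in renamed_hits.items():
        print(len(names), "files with an address in the name under", folder)
```

On a live host, the path list can come from any recursive directory listing exported as text.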
Ransoming Your Files Away at No Charge
PC users inexperienced with file encryptors might assume that paying any ransom demanded by BandarChor Ransomware's perpetrators is the only way to salvage their lost files. However, the people responsible for similar file encryption campaigns have no pressing reasons to honor any 'obligations' of business transactions by restoring the encrypted files to normal after they receive payment. Although the BandarChor Ransomware may target file backups for additional encryption, remote backups on cloud servers or unattached storage drives should be unaffected. Thus, these common storage solutions remain the easiest way of recovering your files once you've deleted the BandarChor Ransomware.
The BandarChor Ransomware doesn't distribute itself and may install itself along with other threats. As a result, using anti-malware tools to scan the infected PC is the preferred method of uninstalling a BandarChor Ransomware infection. Malware researchers have verified two main means of the BandarChor Ransomware's distribution: e-mail file attachments and exploit kits. For the former, using safe e-mail practices may suffice, but blocking exploit kits, which may load undetectably, should always be left to your Web-browsing security features and software. Updating your software can also lower the range of attack possibilities from these Web-based threats, which scan for exploits in common products like Flash or Java.