Billy's Apocalypse Ransomware
The Billy's Apocalypse Ransomware is a file-locking Trojan that's a variant of the previous Black Claw Ransomware. The Billy's Apocalypse Ransomware locks the user's media files with encryption attacks that hold the content hostage while it demands a ransom. Affected Windows users should recover from backups and have their anti-malware services securely delete the Billy's Apocalypse Ransomware.
The End Times Come Clawing for Your Files
A small-time Trojan with file-locking properties is getting updates from a probably-unrelated threat actor. The Billy's Apocalypse Ransomware, a plain variant of Black Claw Ransomware, is another threat that employs encryption to lock unprepared victims' media. Although its ransom-laundering method is, clearly, in use, most of the threat actor's transactions aren't about ransoming – which is a likely sign of a less professional and low-end campaign.
The Billy's Apocalypse Ransomware is a Windows Trojan that attacks media in default locations, such as the Windows user's Pictures, Documents or Desktop. In each directory, after encrypting the files with a traditional AES and RSA combination, it creates TXT and HTA notes. The latter has minimal changes from the old Black Claw Ransomware's letter and even keeps some of the telltale iconography, such as the claw 'slash mark' image. However, the threat actor asks for a specific amount of Bitcoins for unlocking the user's files instead of directing them towards an e-mail address for negotiations.
The Billy's Apocalypse Ransomware's campaign includes a handful of elements for identifying it as more distinct than the usual Ransomware-as-a-Services. It features a live countdown before doubling the ransom, appends 'apocalypse' extensions onto the files' names, and recommends Telegram communication with five minute response time. Much of the text is generic, English phrases that the threat actor is copying from old sources, such as some versions of Russia's Scarab Ransomware family.
Countering Potentially-Apocalyptic Consequences for Computer Data
Malware experts point out long-term activity throughout the year after inspecting the Billy's Apocalypse Ransomware's current wallet. However, most payments to the address don't match up with its Bitcoin demands of one hundred USD equivalent. Victims should avoid rewarding the threat actor since criminals always could take the money and run – without penalties, such as refunds, at stake in a cryptocurrency chain.
No public decryption or unlocking software exists for the Black Claw Ransomware or its younger iteration of the Billy's Apocalypse Ransomware. Since decryption solutions are preventable by threat actors without requiring much programming experience, users should always prepare alternatives for recovering their work. A backup on another device is ideal.
In general, malware analysts encourage avoidance of illicit downloads, caution around e-mail attachments, and turning off features like macros, Flash and JavaScript. Doing so helps prevent most attacks from these threats, while anti-malware solutions can disinfect compromised computers and remove the Billy's Apocalypse Ransomware – or block it.
The Billy's Apocalypse Ransomware is grasping out for 'free' money with, hopefully, limited success. Every payment into its wallet is another reason for extending its apocalyptic intentions to more files and justifying a business model that should be extinct.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.