
BrainLag Ransomware

Posted: July 13, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 17
First Seen: July 13, 2017
OS(es) Affected: Windows


The BrainLag Ransomware is a Trojan that creates text-based ransom notes, hijacks your wallpaper, and locks your files by encrypting them. As a member of the Hidden Tear family, the BrainLag Ransomware may be compatible with freeware decryption solutions customized to that program, and malware researchers always recommend them over paying any con artist's ransom. Any anti-malware solution that already identifies Hidden Tear's variants should be able to delete the BrainLag Ransomware, whether before or after its file-locking attack.

A Look at Your Brain on Pixel Art Ransoms

The fad of 'retro' art in video gaming sometimes bleeds over into the threatening software sector, and even into variants of bedrock Trojan platforms like Hidden Tear. This group of file-blocking threats, which uses AES encryption to barricade digital content until the victim pays, is being exploited by multiple, unrelated groups of threat actors. As a result, malware experts have yet to determine infection methods for the newest member, the BrainLag Ransomware, which not only locks your files but also resets the Windows background to show a gaming-inspired wallpaper.

The BrainLag Ransomware's administrator doesn't seem to have made any changes to the default encryption method, which uses AES encryption to block different files, including documents, pictures, and Microsoft Office-affiliated media. The Trojan adds '.xdxdlol' extensions onto every file it enciphers, which is a tagline that malware experts haven't noted in other Hidden Tear variants. Although the encryption routine runs without any symptoms, afterward the BrainLag Ransomware also hijacks the desktop wallpaper to display a pixel art image of the Grim Reaper, along with creating text messages.
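For responders scoping the damage, the '.xdxdlol' marker described above can drive a quick inventory of affected files. The script below is an added example, not part of the original write-up or any vendor tool; the function names are hypothetical, and it assumes the marker is appended to the full original file name.

```python
import os
from collections import Counter
from datetime import datetime, timezone

MARKER = ".xdxdlol"  # extension the page reports BrainLag appending


def inventory(root, marker=MARKER):
    """Walk root and summarise files carrying the marker extension."""
    hits, orig_types, dirs = [], Counter(), Counter()
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(marker):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or unreadable; skip it
            # Assumption: the marker follows the full original name, so
            # stripping it exposes the original extension.
            original = name[: -len(marker)]
            ext = os.path.splitext(original)[1].lower() or "(none)"
            orig_types[ext] += 1
            dirs[dirpath] += 1
            hits.append((mtime, path))
    hits.sort()  # oldest modification first
    window = (hits[0][0], hits[-1][0]) if hits else None
    return {"count": len(hits), "by_type": dict(orig_types),
            "by_dir": dict(dirs), "window": window,
            "paths": [p for _t, p in hits]}


def report(summary):
    """Render the summary as text for an incident ticket."""
    lines = [f"marked files: {summary['count']}"]
    if summary["window"]:
        first, last = (datetime.fromtimestamp(t, timezone.utc).isoformat()
                       for t in summary["window"])
        lines.append(f"modification window (UTC): {first} .. {last}")
    for ext, n in sorted(summary["by_type"].items(), key=lambda kv: -kv[1]):
        lines.append(f"  {ext}: {n}")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    print(report(inventory(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

The modification window is only an estimate of when the encryption ran, since file timestamps can be changed after the fact. The per-type counts help decide which backups to restore first.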

The BrainLag Ransomware's text offers little information for the victim but does inform them of the encryption attack's occurrence. Since most con artists deploy file-encoding threats like the BrainLag Ransomware with accompanying Bitcoin or prepaid voucher-based ransom demands, malware analysts are assuming that the BrainLag Ransomware is in development. However, since its encryption is a derivative of Hidden Tear, its primary attack is fully operational and can block your files permanently.

The Benefits of Lagging on Extortion Payments

If the BrainLag Ransomware's author ever finishes developing this project, victims can anticipate receiving demands for payment to gain access to a possible decryption service. However, most versions of Hidden Tear are compatible with decryption software already available for free download. For threats with more secure encryption methods than that Trojan family, malware researchers also encourage maintaining backups on external devices or cloud services, either of which can prevent the BrainLag Ransomware from inflicting any irreversible encryption damage.

Infection methods vary greatly between different groups of threat actors, but Trojans of the BrainLag Ransomware's category often fall under one of the themes below:

  • Forged e-mail messages may deliver corrupted attachments that they disguise as automatic notifications, including alerts from internal office equipment or delivery messages. When opened, these attachments can load exploits for installing the BrainLag Ransomware automatically.
  • Website-based threats, such as the currently prominent RIG Exploit Kit, can scan for software vulnerabilities through an unprotected Web browser and initiate similar downloading attacks.
  • Some threat actors prefer installing Trojans like the BrainLag Ransomware manually after they use another way to compromise your PC, including brute-force attacks or phishing for passwords.

Whether you block this threat's encryption attack or recover from an infection afterward, always use anti-malware products to remove the BrainLag Ransomware and confirm the lack of other threats compromising your computer.

The BrainLag Ransomware's author may choose to let this Trojan remain incomplete or finish the work he's begun on creating a viable threat for deploying in a live environment. No matter what he does, however, Hidden Tear still is ripe grounds for coders with a vested interest in taking advantage of people who aren't protecting their files.
