BSS Ransomware
The BSS Ransomware is a variant of Hidden Tear, a file-locking Trojan serving as an educational example of threatening software. This version of the Trojan has an additional pop-up feature for delivering its ransoming message, although its core symptom remains blocking your media files by encrypting them. Have your backups kept on other devices for restoring them safely and use anti-malware tools for uninstalling the BSS Ransomware if your PC becomes infected.
This German Trojan Craves a Kebab
The Hidden Tear project of such fame is far from the most sophisticated version of a file-locking Trojan and falls short of the more in-depth attacks of most RaaS equivalents like Russia's Scarab Ransomware. However, because of how widely available its code is, many threat actors with little programming experience are interested in creating their private spin-offs of the threat, such as the BSS Ransomware. Malware experts can trace some parts of the file-locking Trojan to older variants like the EyLamo Ransomware, although this newest build is in mid-development and isn't ready for attacking the public.
The BSS Ransomware searches infected PCs for media files, such as their downloads, desktop contents, documents, music or images. Once the BSS Ransomware finds the associated data, it blocks it with an AES-256 encryption routine that converts the file into a non-opening one. Only a compatible decryption tool can restore the file to its readable format, although the AV industry already provides several unlocking applications for Hidden Tear, free of charge. Malware experts can't confirm any filename changes with the BSS Ransomware, but most file-locking Trojans will add new extensions (such as 'example.txt.locked' or 'second-example.encrypted').
While Hidden Tear doesn't include it, by default, the German threat actor for the BSS Ransomware has inserted another feature: a pop-up window that displays the ransoming instructions for his decryption help. Currently, it only shows a placeholder text, however, that requests cryptocurrency or a kebab – without giving any addresses, prices or other payment information.
Putting Another Clone of a Trojan Back in Hiding
Although the BSS Ransomware's author, the so-called 'Dennis,' is of apparent German origin, Hidden Tear doesn't discriminate between systems regarding their language settings or other, geography-based credentials. Most Windows systems are at risk from the Hidden Tear family, which includes not just the BSS Ransomware, but other file-locking Trojans like this year's TrumpHead Ransomware or last year's FORMA Ransomware, the Epoblockl Ransomware and the Scrabber Ransomware. All of these threats commit their encryption attacks as part of stealth-based, background processes.
Most brands of AV products have reasonable detection rates against the samples of the BSS Ransomware that malware experts can confirm to date. Updates could, however, make the file-locking Trojan more stealthy than previously, and users should maintain additional care around any likely infection sources, such as e-mail-attached documents, advertising network-delivered 'updates' and torrents. Although most users should delete the BSS Ransomware with dedicated anti-malware tools, when it's possible, only a specialized decryption program can recover any of the locked media.
The BSS Ransomware may very well never come to fruition as a public danger to the average Windows user's files, but that's no reason to relax on your backups. With other families of file-locking Trojans already in distribution, there's no time that it's safe to ignore the basics of data redundancy.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.