Dharma ransomware has been around for a while now. This cryptovirological family continues to live and thrive in cyberspace, with new variants appearing every couple of months or even weeks. Cybersecurity experts have discovered yet another cryptovirological strain from the Dharma lineage, called Bgtx.
According to initial investigations into the activity of this new Dharma variant, it uses a combination of RSA and AES encryption. This combination makes it a daunting task for ransomware removal experts to crack the encryption: it is nearly impossible to come up with a single decrypter for this type of mixed encryption, because it uses a different algorithm for every affected device.
Bgtx ransomware usually distributes its payload through phishing emails and P2P networks. Once it has successfully infiltrated a device, it appends a long extension containing the attackers' ID and '.Bgtx' to every file. As soon as encryption completes, every folder on the affected device receives the ransom note as a text file named FILES ENCRYPTED.
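As an added example (not code from the original post or from the researchers it cites), the following Python triage script walks a file tree and tallies the two indicators described above: file names carrying the attacker-ID-plus-'.Bgtx' extension, and the FILES ENCRYPTED note in each folder. It assumes the ID segment is prefixed with "id-" and that the note is a .txt file; the sample tree and attacker tag are constructed.

```python
import os
import re
import tempfile
from collections import Counter

# Assumed name layout (the page only says the extension carries the attackers' ID and ".Bgtx");
# the "id-" prefix in front of the ID is an assumption made for this example.
BGTX_RE = re.compile(r"^(?P<orig>.+?)\.(?P<tag>id-[^/\\]+)\.Bgtx$", re.IGNORECASE)
NOTE_NAME = "FILES ENCRYPTED"  # ransom note name from the page, compared without extension

def parse_bgtx_name(name):
    """Return (original_name, attacker_tag) for a Bgtx-style file name, else None."""
    m = BGTX_RE.match(name)
    return (m.group("orig"), m.group("tag")) if m else None

def scan_tree(root):
    """Walk root and summarise Bgtx indicators for incident triage."""
    s = {"encrypted": 0, "tags": Counter(), "orig_ext": Counter(),
         "folders_with_note": 0, "folders_without_note": []}
    for dirpath, _dirs, files in os.walk(root):
        hit = False
        for f in files:
            parsed = parse_bgtx_name(f)
            if parsed:
                hit = True
                s["encrypted"] += 1
                s["tags"][parsed[1]] += 1
                s["orig_ext"][os.path.splitext(parsed[0])[1].lower()] += 1
        if any(os.path.splitext(f)[0].upper() == NOTE_NAME for f in files):
            s["folders_with_note"] += 1
        elif hit:  # encrypted data but no note: interrupted run or note already removed
            s["folders_without_note"].append(os.path.relpath(dirpath, root))
    return s

def build_sample_tree():
    """Constructed sample tree (placeholder content, not real victim data)."""
    root = tempfile.mkdtemp(prefix="bgtx_demo_")
    tag = "id-1A2B3C4D.[helpdesk@example.test]"  # constructed attacker tag
    layout = {"docs": ["report.docx." + tag + ".Bgtx", "FILES ENCRYPTED.txt", "readme.txt"],
              "pics": ["holiday.jpg." + tag + ".Bgtx", "FILES ENCRYPTED.txt"],
              "pics/raw": ["dsc001.cr2." + tag + ".Bgtx"]}  # no note dropped here
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for n in names:
            with open(os.path.join(root, folder, n), "w") as fh:
                fh.write("constructed placeholder content\n")
    return root
```

Running `scan_tree(build_sample_tree())` reports three encrypted files under one attacker tag, two folders carrying the note, and one folder ("pics/raw") with encrypted files but no note, which is worth a closer look during response.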
The ransom note asks affected users to contact the attackers immediately in order to keep the extortion amount for ransomware removal low; however, it does not specify any particular amount. It also includes detailed guidance on buying Bitcoins.
Attackers are also providing a decryption guarantee
To assure victims that they hold the solution to unlock the encrypted files, the Bgtx operators offer free decryption of one non-archived file of less than 1 Mb. They also make it clear that the file sent for free decryption must not contain any valuable information (databases, long Excel sheets, etc.). The attackers also warn victims not to attempt ransomware removal on their own, because it can result in permanent loss of data.