A few years ago, the Bucbi Ransomware terrorized Windows users by encrypting their personal files with an RSA encryption algorithm. This threat attacked computer users arbitrarily, and its distribution followed no discernible pattern. Like most ransomware threats today, this infection relied on exploit kits and phishing attacks to penetrate computers, but nobody was specifically targeted. Although this infection likely generated a lot of money for its developers, considering that it demanded a fee of 0.5 BTC from each individual victim, they are apparently still not satisfied, and the malicious Bucbi Ransomware recently reappeared with an upgrade. This infection is more dangerous than ever, and it is vital that you protect yourself against it.
It is unlikely that you will become a victim of Bucbi Ransomware if you are a regular Windows user, at least not directly. According to the latest research, this infection is now focusing on corporate networks and is planning its attacks very carefully. Regular users could become victims indirectly if their private data, stored on corporate networks, is published; however, these users are not what this ransomware ultimately aims at. According to researchers at Palo Alto Networks, this malicious infection uses RDP (Remote Desktop Protocol) connections to take over corporate networks, probably using a tool called “RDP Brute”. RDP can be used for remote access to servers, but in most cases it is used for administrator access. In the Bucbi attack, so-called RDP brute forcing is used to identify RDP servers. Once a server has been found, the infection attempts to log in as administrator, which, if successful, gives the remote attacker permission to do whatever he wants. Some of the user names with which this infection attempts to log on are administrator, Admin, HelpAssistant, POS, SALES and staff. This type of attack could be prevented by using strong passwords and by configuring the system to lock accounts after several failed login attempts.
A connection to a C&C (command and control) server is not required once the Bucbi Ransomware has penetrated a network, which makes it even more dangerous. The remote attacker takes full control of the desktop and can initiate the file encryption. It is also noteworthy that this infection can publish sensitive data and observe network traffic at the same time. Once in attack mode, this infection encrypts files in various directories on the system but skips the Windows and Program Files (Program Files (x86)) directories so as not to disturb the functioning of the operating system. This infection aims to hijack files that cannot easily be restored. These files are encrypted using a strong encryption algorithm, but that is not all. As mentioned earlier, it is possible that private files will be published, which is meant to further push the administrators of affected networks to follow the demands listed below. The Bucbi Ransomware could present these demands via a pop-up window or on the desktop background, and they are also placed in a README text file on the desktop. Here are the demands.
It is unclear whether or not this ransomware belongs to the Ukrainian Right Sector, and it is possible that this name is only used to conceal the real cyber-criminals. According to our research, the IPs used for this infection's attacks were located in Russia, Switzerland, Romania and the Netherlands, which is why it is not known where the threat originated. It is obvious that the cybercriminals behind this threat target enterprise networks, because the requested fee is extremely high. 5 BTC (Bitcoins) convert to 2260 USD or 1988 EUR, and it is unlikely that a regular computer user would pay that much money. Corporate networks, on the other hand, may have no other choice if they want to decrypt their files and keep their data safe. Bitcoin is an unstable currency, and the conversion rate may already be different by now.
Taking into account that the Bucbi Ransomware has been updated, it is considered an unpredictable Windows infection. In the past it went after regular computer users, and it was designed to encrypt personal files (for example, photos and documents) using the RSA encryption algorithm. At the moment, this infection uses RDP brute-force attacks to take over administrative privileges on corporate networks. There are some things you can do to prevent the infiltration of this malware, and the first is to implement reliable, up-to-date security software. In addition, it is important to protect administrator accounts. We recommend the use of strong passwords, the implementation of a two-factor authentication system and possibly a setting that locks accounts after a certain number of failed login attempts. It is also a good idea to look for software that can monitor RDP and stop brute-force attacks.
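A defender-side detector for the RDP brute-force pattern the article describes (the attack in the second paragraph and the monitoring advice just above), added here as an example that is not part of the original article: it scans constructed Windows Security events (4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive/RDP) for bursts of failures from one source address and highlights the account names the article lists. The event IDs and logon type are real Windows values; the sample log lines, the CSV layout, the 5-failures-in-5-minutes threshold and the function names are assumptions of this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Account names the article reports Bucbi trying over RDP.
BUCBI_USERNAMES = {"administrator", "admin", "helpassistant", "pos", "sales", "staff"}
# Constructed sample, not real logs: timestamp,event_id,logon_type,target_user,source_ip
# (4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive/RDP)
SAMPLE_LOG = """\
2016-05-02T10:00:01,4625,10,administrator,203.0.113.7
2016-05-02T10:00:03,4625,10,Admin,203.0.113.7
2016-05-02T10:00:05,4625,10,HelpAssistant,203.0.113.7
2016-05-02T10:00:06,4625,10,POS,203.0.113.7
2016-05-02T10:00:08,4625,10,SALES,203.0.113.7
2016-05-02T10:00:09,4625,10,staff,203.0.113.7
2016-05-02T10:00:12,4624,10,administrator,203.0.113.7
2016-05-02T10:01:00,4625,10,jsmith,198.51.100.4
2016-05-02T10:02:00,4625,3,backup,192.0.2.9
"""

def parse_events(text):
    """Parse the simplified CSV lines into dicts, oldest first."""
    events = []
    for line in text.strip().splitlines():
        ts, eid, ltype, user, ip = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "event_id": int(eid),
                       "logon_type": int(ltype), "user": user, "ip": ip})
    return sorted(events, key=lambda e: e["ts"])

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed RDP logons inside a sliding window;
    a later RDP success from a flagged IP is recorded as a possible account takeover."""
    recent = defaultdict(deque)   # per-IP failures still inside the window
    findings = {}
    for e in events:
        if e["logon_type"] != 10:  # ignore non-RDP logons (network, service, ...)
            continue
        q = recent[e["ip"]]
        if e["event_id"] == 4625:
            q.append(e)
            while e["ts"] - q[0]["ts"] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(e["ip"], {"failed_attempts": 0, "bucbi_style_names": set(),
                                                  "success_after_burst": None})
                f["failed_attempts"] = max(f["failed_attempts"], len(q))
                f["bucbi_style_names"] |= {x["user"].lower() for x in q
                                           if x["user"].lower() in BUCBI_USERNAMES}
        elif e["event_id"] == 4624 and e["ip"] in findings:
            findings[e["ip"]]["success_after_burst"] = e["user"]
    return findings
```

A success recorded in `success_after_burst` is the case the article warns about: the attacker has guessed an administrator password and now holds an interactive desktop session, so that host should be isolated and its credentials reset rather than merely having the source IP blocked.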
Warning: multiple anti-virus scanners have detected possible malware in Bucbi Ransomware.
Anti-Virus Software | Version | Detection |
---|---|---|
McAfee | 5.600.0.1067 | Win32.Application.OptimizerPro.E |
Dr.Web | | Adware.Searcher.2467 |
Qihoo-360 | 1.0.0.1015 | Win32/Virus.RiskTool.825 |
NANO AntiVirus | 0.26.0.55366 | Trojan.Win32.Searcher.bpjlwd |
Malwarebytes | v2013.10.29.10 | PUP.Optional.MalSign.Generic |
Tencent | 1.0.0.1 | Win32.Trojan.Bprotector.Wlfh |
Kingsoft AntiVirus | 2013.4.9.267 | Win32.Troj.Generic.a.(kcloud) |
VIPRE Antivirus | 22702 | Wajam (fs) |
K7 AntiVirus | 9.179.12403 | Unwanted-Program ( 00454f261 ) |
VIPRE Antivirus | 22224 | MalSign.Generic |
Baidu-International | 3.5.1.41473 | Trojan.Win32.Agent.peo |
McAfee-GW-Edition | 2013 | Win32.Application.OptimizerPro.E |
ESET-NOD32 | 8894 | Win32/Wajam.A |
Bucbi Ransomware Behavior
- Installs itself without permission
- Changes the user's homepage
- Deactivates installed security software
- Steals or uses your confidential data
- Shows commercial adverts
Bucbi Ransomware affected Windows OS versions
- Windows 10
- Windows 8
- Windows 7
- Windows Vista
- Windows XP
Eliminate Bucbi Ransomware from Windows
Delete Bucbi Ransomware from Windows XP:
- Click on Start to open the menu.
- Select Control Panel and go to Add or Remove Programs.
- Choose and remove the unwanted program.
Remove Bucbi Ransomware from your Windows 7 and Vista:
- Open Start menu and select Control Panel.
- Move to Uninstall a program.
- Right-click on the unwanted app and pick Uninstall.
Erase Bucbi Ransomware from Windows 8 and 8.1:
- Right-click on the lower-left corner and select Control Panel.
- Choose Uninstall a program and right-click on the unwanted app.
- Click Uninstall.
Delete Bucbi Ransomware from Your Browsers
Bucbi Ransomware Removal from Internet Explorer
- Click on the Gear icon and select Internet Options.
- Go to Advanced tab and click Reset.
- Check Delete personal settings and click Reset again.
- Click Close and select OK.
- Go back to the Gear icon, pick Manage add-ons → Toolbars and Extensions, and delete unwanted extensions.
- Go to Search Providers and choose a new default search engine.
Erase Bucbi Ransomware from Mozilla Firefox
- Enter "about:addons" into the URL field.
- Go to Extensions and delete suspicious browser extensions.
- Click on the menu, click the question mark and open Firefox Help. Click on the Refresh Firefox button and select Refresh Firefox to confirm.
Terminate Bucbi Ransomware from Chrome
- Type "chrome://extensions" into the URL field and press Enter.
- Remove unreliable browser extensions.
- Restart Google Chrome.
- Open Chrome menu, click Settings → Show advanced settings, select Reset browser settings, and click Reset (optional).