The BlooDy ransomware has been known since May 2022, when it was used in an attack on a group of medical and dental offices in New York City.
Recently, an event delighted many cybercrime wannabes: after a dispute between the LockBit operator and its developer, the LockBit 3.0 ransomware builder was leaked on Twitter.
The builder lets anyone create a fully functional, customized encryptor and decryptor almost end-to-end.
As expected, many ransomware groups took advantage of the opportunity this tool offers and updated their ransomware. This is exactly what the BlooDy group has done.
Last week, the new version of the BlooDy ransomware, with features and improvements taken directly from the LockBit 3.0 ransomware, was used to attack an organization in Ukraine.
Despite the new features, the BlooDy group keeps essentially the same attack process as other gangs. The attackers break into the victim's environment, mostly through email phishing. They then steal the data by copying it to a server under their control, and only afterwards encrypt the data in the environment.
Previously, the BlooDy ransomware appended the .bloody extension to the files it encrypted. With the LockBit 3.0 builder, however, the extension is not customizable, so the new version of BlooDy uses whatever extension was defined when the encryptor was built.
BlooDy's operators also drop a ransom note in the environment: a simple text file (.txt) that informs the victim of the attack and gives directions for contacting those responsible.
The same file contains threats about what happens if the ransom is not paid. If no payment is made after a few days, the BlooDy group publishes the stolen data through a Telegram channel.
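The behavior described above (a burst of files renamed with one appended extension, old-style .bloody or builder-defined, followed by a .txt ransom note in the affected folder) is something a defender can look for in endpoint file telemetry. The following detection heuristic is an added example, not code from the original post or from any vendor; the file-event log is constructed, the extension value is made up, and the event tuple layout is an assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import os

# Constructed endpoint file-event log: (timestamp, action, old_path, new_path).
# These lines are made up for the example, not telemetry from a real BlooDy incident.
EVENTS = [
    ("2022-09-28T10:00:00", "rename", "C:/Share/q3_report.docx", "C:/Share/q3_report.docx.HLJkNskOq"),
    ("2022-09-28T10:00:01", "rename", "C:/Share/invoices.xlsx", "C:/Share/invoices.xlsx.HLJkNskOq"),
    ("2022-09-28T10:00:01", "rename", "C:/Share/contract.pdf", "C:/Share/contract.pdf.HLJkNskOq"),
    ("2022-09-28T10:00:02", "rename", "C:/Share/photo.jpg", "C:/Share/photo.jpg.HLJkNskOq"),
    ("2022-09-28T10:00:02", "rename", "C:/Share/notes.txt", "C:/Share/notes.txt.HLJkNskOq"),
    ("2022-09-28T10:00:03", "create", None, "C:/Share/HLJkNskOq.README.txt"),
    ("2022-09-28T11:30:00", "rename", "C:/Users/a/draft.docx", "C:/Users/a/draft_v2.docx"),  # benign rename
]

# Extensions a rename may legitimately append; anything else is "unfamiliar".
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".jpg", ".txt", ".png", ".zip"}

def appended_extension(old, new):
    """Return the suffix a rename appended to the full original name, or None.
    This matches both the old '.bloody' suffix and a builder-defined one."""
    if new.startswith(old + ".") and len(new) > len(old) + 1:
        return new[len(old):]
    return None

def detect_encryption_burst(events, window=timedelta(seconds=30), min_files=5):
    """Flag renames that append one common unfamiliar suffix to >= min_files files
    within `window`, and report whether a .txt note appeared in an affected folder."""
    by_ext = defaultdict(list)
    for ts, action, old, new in events:
        if action != "rename":
            continue
        ext = appended_extension(old, new)
        if ext and ext.lower() not in KNOWN_EXTENSIONS:
            by_ext[ext].append((datetime.fromisoformat(ts), new))
    alerts = []
    for ext, hits in by_ext.items():
        hits.sort()
        for i in range(len(hits)):
            j = i  # widen the window from hit i while events stay within `window`
            while j < len(hits) and hits[j][0] - hits[i][0] <= window:
                j += 1
            if j - i >= min_files:
                dirs = {os.path.dirname(p) for _, p in hits[i:j]}
                note = any(a == "create" and n.lower().endswith(".txt")
                           and os.path.dirname(n) in dirs for _, a, _, n in events)
                alerts.append({"extension": ext, "files": j - i, "ransom_note": note})
                break  # one alert per suspicious extension is enough
    return alerts
```

Tune KNOWN_EXTENSIONS, the window and the threshold to the environment; the point is that the detection keys on the rename pattern and the note drop, not on any particular extension string, which the builder now fixes per build.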
The new version of the BlooDy ransomware is further proof that the danger is imminent. New ransomware groups are expected to appear, and new attacks will be carried out around the world.
Recover files encrypted by BlooDy ransomware
Digital Recovery is today a reference in the data recovery market. With more than 23 years of experience, we have helped companies attacked by the major ransomware families.
Our team of developers has brought to market an unprecedented and effective solution that allows us to recover data encrypted by ransomware on almost any storage device, including servers, virtual machines and RAID systems.
We provide our customers in every project with a confidentiality agreement (NDA).
In most cases, our solution can be applied remotely, so whatever your location, Digital Recovery can act to recover your encrypted data.
Contact our team and recover your data.