PayloadBIN Ransomware

The PayloadBIN ransomware is part of one of the world’s most feared groups, the Evil Corp, this group is responsible for numerous attacks in the United States that have generated losses running into the millions of dollars.

The attacks were being so recurrent that the US Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions against the group, imposing fines on companies that dealt with the cybercriminals, making it very difficult to pay the ransom.

To try to get around these sanctions, the group created derivatives of its malware, developing the Wasted Locker, Hades, Phoenix, and the more recent PayloadBIN ransomware.

The Evil Corp group tried to mask PayloadBIN to make it look like it was a derivative of the BABUK ransomware. This group made an attack on the Metropolitan Police Department in Washington, DC. This attack put the group that controlled the BABUK ransomware as a prime target for government agencies, which caused them to shut down all activities.

With the emergence of the PayloadBIN ransomware which uses a similar structure to BABUK, it was implied that the group had not shut down, but this was not confirmed, this was just a strategy by Evil Corp to mislead authorities.

PayloadBIN uses the tactic of double extortion, which not only encrypts the data, paralyzing the company’s activities, but also steals the files and threatens to release them if the company does not contact them and pay the ransom.

Unlike other ransomware groups that use only one site for the leak, PayloadBIN creates a site for each company, and there discloses the weaknesses of the companies and releases samples of the stolen data.

A file named ‘PAYLOADBIN-README.txt’ is left on the computer containing instructions on how the victim can contact the group and pay the ransom.

PayLoadBIN Ransomware

Recover Files Encrypted by PayloadBIN Ransomware

Recovery of data encrypted by ransomware has become one of our greatest specialties, we have developed unique technologies for this purpose. We can recover virtually any device that has been affected by the ransomware attack, whether it’s HDDs, SSDs, Databases, Virtual Machines, Storages, RAID systems, and others.

Our experts have the best software and hardware technologies to make the recovery process as quick and safe as possible.

All our approaches are backed by the confidentiality agreement (NDA).

We know how problematic it is to have the company’s operation paralyzed because of encrypted files, so we created the recovery in emergency mode, in this mode our labs work 24×7 and we also have the technology to make the recovery remotely.

Contact us and start the diagnosis right now, our specialists are at your disposal.

Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.