PayloadBIN Ransomware

The PayloadBIN ransomware belongs to Evil Corp, one of the world’s most feared groups. This group is responsible for numerous attacks in the United States that have generated losses running into the millions of dollars.

The attacks became so recurrent that the US Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions against the group, with fines for companies that deal with the cybercriminals, which makes it very difficult to pay the ransom.

To try to get around these sanctions, the group created derivatives of its malware, developing WastedLocker, Hades, Phoenix, and the more recent PayloadBIN ransomware.

The Evil Corp group tried to mask PayloadBIN to make it look like a derivative of the BABUK ransomware. The group behind BABUK had attacked the Metropolitan Police Department in Washington, DC. That attack made the group that controlled the BABUK ransomware a prime target for government agencies, which caused them to shut down all activities.

When the PayloadBIN ransomware emerged with a structure similar to BABUK, it implied that the BABUK group had not shut down. This was never confirmed; it was just a strategy by Evil Corp to mislead authorities.

PayloadBIN uses the tactic of double extortion: it not only encrypts the data, paralyzing the company’s activities, but also steals the files and threatens to release them if the company does not contact the group and pay the ransom.

Unlike other ransomware groups that use only one site for leaks, PayloadBIN creates a site for each company, where it discloses the company’s weaknesses and releases samples of the stolen data.

A file named ‘PAYLOADBIN-README.txt’ is left on the computer containing instructions on how the victim can contact the group and pay the ransom.

Recover Files Encrypted by PayloadBIN Ransomware

Recovery of data encrypted by ransomware has become one of our greatest specialties, and we have developed unique technologies for this purpose. We can recover virtually any device that has been affected by a ransomware attack, whether HDDs, SSDs, databases, virtual machines, storage systems, RAID systems, or others.

Our experts have the best software and hardware technologies to make the recovery process as quick and safe as possible.

All our approaches are backed by the confidentiality agreement (NDA).

We know how problematic it is to have the company’s operation paralyzed because of encrypted files, so we created an emergency recovery mode. In this mode our labs work 24×7, and we also have the technology to perform the recovery remotely.

Contact us and start the diagnosis right now. Our specialists are at your disposal.
