BlooDy Ransomware

The BlooDy ransomware has been known since May 2022, with an attack targeting a group of medical and dental practices in New York City.

Recently, there was an event that pleased many cybercrime aspirants. Following a fight between the LockBit operator and its developer, the LockBit 3.0 ransomware builder leaked on Twitter.

This builder makes it accessible to anyone, to create a fully functional and customised encryptor and decryptor almost end-to-end.

As expected, many ransomware groups took the opportunity this tool offers and updated their ransomware. That’s exactly what the BlooDy group did.

Last week, the new version of the BlooDy ransomware, with features and improvements coming directly from the LockBit 3.0 ransomware, was used to attack an organization in Ukraine.

Despite the use of new features, the BlooDy group continued to maintain basically the same attack process as other gangs. The attackers break into the victim’s system using mostly email phishing techniques. They then steal the data by copying it to a secure server and then encrypt the data in the environment.

Previously, when encrypting files, the BlooDy ransomware added the .bloody extension to the infected files. However now, using the LockBit 3.0 builder, the extensions are not customisable. Therefore the new version of the BlooDy ransomware uses a defined extension when the encoder is built.

BlooDy operators generate a ransom note within the environment. A simple text file (.txt), which will inform the victim of the attack and give directions for the victim to contact those responsible for the attack.

The victim will also be able to read in this same file threatening phrases in case the ransom payment is not made. In absence of payment after a few days, the BlooDy group uses a Telegram channel to publish stolen data.

The new version of the BlooDy ransomware is just proof that the danger is imminent. It is to be expected that new ransomware groups will begin to appear and new attacks will be carried out around the world.

Recover files encrypted by Bloody ransomware

Digital Recovery is today a reference in the data recovery market. With more than 23 years of experience, we have managed to help companies that have been attacked by the vast majority of ransomware extensions.

Our team of developers managed to bring to the market an unprecedented and effective solution that allows us to recover data encrypted by ransomware in almost all storage devices, such as servers, virtual machines, RAID systems and others.

We have taken care to offer services based on the General Data Protection Regulation (GDPR), as we understand how important customer data is. In addition, we provide our clients with a confidentiality agreement (NDA) for all projects.

In most cases, our solution can be executed remotely, so whatever your location, Digital Recovery can act to recover your encrypted data.

Contact our team and recover your data.

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Ransomware AtomSilo

AtomSilo Ransomware

The AtomSilo ransomware emerged in September 2021, the group acts a little differently than other ransomware groups, the ransom amount is fixed, $1 million is

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.