icon-logo
  • Ransomware

Ransomware PayloadBIN

The PayloadBIN ransomware is part of one of the world’s most feared groups, Evil Corp, this group is responsible for numerous attacks in the United States, which has generated losses running into the millions of dollars.

The attacks were being so recurrent that the US Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions against the group, imposing fines on companies that did business with the cybercriminals, making it very difficult to pay the ransom.

To try to get around these sanctions, the group created derivatives of their malware, developing the Wasted Locker, Hades, Phoenix and the latest PayloadBIN ransomware.

The Evil Corp group tried to mask PayloadBIN to make it look like it was a derivative of the BABUK ransomware. That group carried out an attack on the Metropolitan Police Department in Washington, DC. This attack made the group that controlled the BABUK ransomware a prime target for government agencies and caused them to shut down all activities.

With the emergence of the PayloadBIN ransomware that uses a similar structure to BABUK, it was implied that the group had not shut down, but this was not confirmed, this was just an Evil Corp strategy to mislead authorities.

PayloadBIN uses the tactic of double extortion, that besides encrypting the data, paralyzing the company’s activities, they also steal the files and threaten to release them, if the company does not contact and pay the ransom.

Unlike other ransomware groups that use only one site for the leak, PayloadBIN creates a site for each company, and there divulges the companies’ weaknesses and releases samples of the stolen data.

A file named ‘PAYLOADBIN-README.txt’ is left on the computer containing instructions on how the victim can contact the group and pay the ransom.

Recover Files Encrypted by PayloadBIN Ransomware

Recovery of data encrypted by ransomware has become one of our greatest specialties, we have developed unique technologies for this purpose. We can recover virtually any device that has been affected by the ransomware attack, be it HDDs, SSDs, Databases, Virtual Machines, Storages, RAID systems and others.

Our experts have the best software and hardware technologies to make the recovery process as quick and safe as possible.

All our approaches are backed by the General Data Protection Act (LGPD) and the confidentiality agreement (NDA).

We know how problematic it is to have the operation of the company paralyzed because of encrypted files, so we created the recovery in emergency mode, in this mode our labs work 24×7 and we still have the technology to make the recovery remotely.

Contact us and start the diagnosis right now, our specialists are at your disposal.

Editorial Team

Editorial Team

Team Digital Recovery is composed of data recovery specialists who, in a simple way, aim to bring information about the latest technologies on the market, as well as inform about our ability to act in the most complex data loss scenarios.

Digital Recovery helps businesses recover data

TALK TO A SPECIALIST

Check out other posts

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Recuperar memoria flash

What is Flash Memory?

Since its invention in the 1980s, Flash memory has revolutionised digital data storage. Essential for mobile devices, digital cameras, storage units and more, it combines

READ MORE →
All Variants
Successful cases
Recover Ransomware

Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.

Talk to an Expert
Single
Virtual Machine
Storage
Raid System
Special Cases
Database
Tape
Cybersecurity
Digital Forensik
4D-Pentest

Discover the invisible vulnerabilities in your IT – with the 4D Pentest from Digital Recovery

Talk to an Expert
Select your country