Ransomware PayloadBIN

PayloadBIN is ransomware attributed to Evil Corp, one of the world's most feared cybercrime groups. Evil Corp is responsible for numerous attacks in the United States that have caused losses running into millions of dollars.

The attacks became so frequent that the US Treasury Department's Office of Foreign Assets Control (OFAC) imposed sanctions on the group. Because any company that transacts with a sanctioned actor is exposed to fines, paying the ransom became very difficult for victims.

To try to get around these sanctions, the group created derivatives of its malware: WastedLocker, Hades, Phoenix and, most recently, PayloadBIN.

Evil Corp disguised PayloadBIN so that it would look like a derivative of the BABUK ransomware. The BABUK group had carried out an attack on the Metropolitan Police Department in Washington, DC; that attack made it a prime target for government agencies, and the group announced that it was shutting down all activities.

When PayloadBIN appeared with a structure similar to BABUK's, it suggested that the BABUK group had not shut down after all. That was never confirmed: the resemblance was an Evil Corp strategy to mislead the authorities and to let victims believe they were dealing with a group that was not under sanctions.

PayloadBIN uses double extortion: besides encrypting the data and paralysing the company's operations, the attackers also steal files and threaten to publish them if the company does not make contact and pay the ransom.

Unlike ransomware groups that run a single leak site, PayloadBIN creates a page for each victim company, where it describes the company's weaknesses and publishes samples of the stolen data.

A file named 'PAYLOADBIN-README.txt' is dropped on the computer with instructions on how the victim can contact the group and pay the ransom. Encrypted files can be recognised by the '.PAYLOADBIN' extension appended to their original names.
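A first triage check a responder can run against a host or file share suspected of a PayloadBIN infection, as an added example that is not part of the original page and not a vendor tool: it walks a directory tree looking for the ransom note named above and for files carrying the '.PAYLOADBIN' extension, and additionally flags unmarked files whose content looks like ciphertext by byte entropy (useful when an encryptor was interrupted before renaming). The entropy threshold of 7.5 bits per byte, the 4 KiB sampling size and the sample directory the script builds are assumptions constructed for the demo.

```python
"""Read-only triage sweep for PayloadBIN indicators.

Added example; not code from the original page. Assumes the two indicators
described in the text: the ransom note PAYLOADBIN-README.txt and the
.PAYLOADBIN extension appended to encrypted files. Sample data is constructed.
"""
import math
import os
import tempfile
from collections import Counter

RANSOM_NOTE = "PAYLOADBIN-README.txt"
ENCRYPTED_EXT = ".PAYLOADBIN"
ENTROPY_THRESHOLD = 7.5   # bits/byte; assumption, typical of ciphertext
SAMPLE_SIZE = 4096        # bytes read from each unmarked file; assumption


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def sweep(root: str) -> dict:
    """Walk `root` and classify files into ransom notes, marked encrypted files
    and unmarked files whose leading bytes look like ciphertext."""
    result = {"ransom_notes": [], "encrypted_files": [], "suspect_high_entropy": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == RANSOM_NOTE:
                result["ransom_notes"].append(path)
                continue
            if name.upper().endswith(ENCRYPTED_EXT):
                # Marked by extension: no need to read the content.
                result["encrypted_files"].append(path)
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(SAMPLE_SIZE)
            except OSError:
                continue   # unreadable (locked, permissions); skip, do not retry
            # Very small files give unreliable entropy estimates, so require 256 bytes.
            if len(head) >= 256 and shannon_entropy(head) >= ENTROPY_THRESHOLD:
                result["suspect_high_entropy"].append(path)
    return result


def build_sample_tree() -> str:
    """Create a constructed directory tree that mimics a partially encrypted share.
    The note text is a placeholder, not the real ransom note."""
    root = tempfile.mkdtemp(prefix="payloadbin-demo-")
    with open(os.path.join(root, RANSOM_NOTE), "w") as fh:
        fh.write("constructed placeholder ransom note\n")
    with open(os.path.join(root, "report.docx.PAYLOADBIN"), "wb") as fh:
        fh.write(os.urandom(8192))          # stands in for ciphertext
    os.makedirs(os.path.join(root, "sub"))
    with open(os.path.join(root, "sub", "notes.txt"), "w") as fh:
        fh.write("quarterly numbers look fine\n" * 40)   # plain text, low entropy
    with open(os.path.join(root, "sub", "unmarked.bin"), "wb") as fh:
        fh.write(os.urandom(8192))          # encrypted but not yet renamed
    return root


if __name__ == "__main__":
    for kind, paths in sweep(build_sample_tree()).items():
        print(f"{kind}: {len(paths)}")
        for p in paths:
            print("   ", p)
```

Run it against a mounted copy or snapshot rather than the live host where possible: the sweep only reads, but reading still updates access timestamps on many filesystems, and the high-entropy bucket will also catch legitimately compressed or encrypted files (archives, images, password vaults), so treat that list as a lead to review, not as proof of encryption by this family.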


Recover Files Encrypted by PayloadBIN Ransomware

Recovering data encrypted by ransomware has become one of our main specialities, and we have developed unique technologies for this purpose. We can recover virtually any device affected by a ransomware attack: HDDs, SSDs, databases, virtual machines, storage arrays, RAID systems and others.

Our experts have the best software and hardware technologies to make the recovery process as quick and safe as possible.

All our approaches are backed by the General Data Protection Law (LGPD) and a non-disclosure agreement (NDA).

We know how damaging it is for a company to have its operations paralysed by encrypted files, so we created emergency-mode recovery: in this mode our labs work 24×7, and we also have the technology to perform the recovery remotely.

Contact us and start the diagnosis right now; our specialists are at your disposal.

Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.