What is the Banjo Ransomware / Virus?
The Banjo Ransomware / Virus is a new variant of the Phobos ransomware. It infects a user's computer, and often the whole network it sits on, and encrypts all of their files. Currently, there is no way to decrypt these files once the Banjo virus has encrypted them, so if you are reading this in hopes of finding a way to decrypt them, we are sorry to disappoint. We hope that you have a backup that was not connected to any of the infected computers. If not, we suggest you head over to our blog about "how to recover Banjo Ransomware files" and try a few of the suggested tips. For us they only worked for one client, but we still suggest you try.
How did I get infected?
There are a few ways you could have been infected with this virus. One of the most common is a phishing email or a fake website. These sites impersonate very common sites and services, and you have to be careful because they look and sound very similar to their legitimate counterparts.
Another way the attackers deliver the malicious code to victims is a macro-infected document. These documents can look just like a normal Word document, Excel spreadsheet, PowerPoint presentation, etc.
One route that has yet to be proven is through open RDP ports. We are not saying this is impossible; what we are saying is that it is something we have not yet seen ourselves, nor read about from a proven source. The fact remains, though, that leaving RDP ports open to the internet should be a thing of the past. One of the best ways to secure remote users' access to your network is a VPN. For this, we suggest using SonicWall.
What Does The Banjo Virus Do?
As part of the Phobos ransomware family, the Banjo Ransomware keeps to its "roots", so to speak. The process starts with data gathering: the malware collects sensitive user data along with a list of the machine's hardware components. Why is this important, you ask? Simple. With this list, the ransomware can now attempt to bypass security engines.
Once the intrusion has been made, the Banjo virus proper can start. This can mean setting the ransomware up as a persistent threat, which basically means it will run every time the computer is turned on. Trust us, it is a real pain to deal with. This is also the point at which the Banjo virus starts deleting things such as sensitive files, shadow volume copies, restore points and several other key parts of the system.
Then the encryption and file renaming start. The malware uses a strong cipher to encrypt user files such as archives, databases, multimedia files, documents, photos, and many other file types. These files are then renamed with the extension .banjo. Trust us on this: each one of these files will remain inaccessible until it is reverted back to its original state.
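The one thing a defender can actually watch for in the behaviour described above is the rename burst: many files turning into .banjo files in a short window. The script below is an added example (not from this blog or from any vendor) that runs a sliding-window check over a constructed list of file rename events; the timestamps, paths, threshold and window are all assumptions chosen for illustration.

```python
"""Flag a Banjo/Phobos-style encryption burst from file rename events (added example)."""
from collections import deque
from datetime import datetime, timedelta

BANJO_EXT = ".banjo"  # extension the encrypted files are renamed to

# Constructed sample telemetry, not real data: (timestamp, old_path, new_path).
# One isolated .banjo rename at 09:00, one benign rename, then five renames in 8 seconds.
SAMPLE_EVENTS = [
    ("2023-05-01T09:00:00", r"C:\Users\a\notes.txt", r"C:\Users\a\notes.txt.banjo"),
    ("2023-05-01T10:00:00", r"C:\Users\a\report.docx", r"C:\Users\a\report_final.docx"),
    ("2023-05-01T10:00:01", r"C:\Users\a\q1.xlsx", r"C:\Users\a\q1.xlsx.banjo"),
    ("2023-05-01T10:00:03", r"C:\Users\a\photo.jpg", r"C:\Users\a\photo.jpg.banjo"),
    ("2023-05-01T10:00:04", r"C:\Users\a\db.sqlite", r"C:\Users\a\db.sqlite.banjo"),
    ("2023-05-01T10:00:06", r"C:\Users\a\archive.zip", r"C:\Users\a\archive.zip.banjo"),
    ("2023-05-01T10:00:09", r"C:\Users\a\deck.pptx", r"C:\Users\a\deck.pptx.banjo"),
]


def parse_events(rows):
    """Turn (iso_timestamp, old, new) tuples into (datetime, old, new) tuples."""
    return [(datetime.fromisoformat(ts), old, new) for ts, old, new in rows]


def banjo_renames(events):
    """Keep only renames whose destination carries the .banjo extension."""
    return [e for e in events if e[2].lower().endswith(BANJO_EXT)]


def detect_burst(events, threshold=5, window=timedelta(seconds=60)):
    """Sliding window over .banjo renames, ordered by time.

    Alerts as soon as `threshold` or more such renames fall inside `window`.
    Returns (alert, timestamp of the first rename in the triggering window,
    original paths of the files renamed in that window).
    """
    hits = sorted(banjo_renames(events), key=lambda e: e[0])
    recent = deque()  # (timestamp, original path) for renames inside the window
    for ts, old, _new in hits:
        recent.append((ts, old))
        while recent and ts - recent[0][0] > window:
            recent.popleft()  # drop renames that fell out of the window
        if len(recent) >= threshold:
            return True, recent[0][0], [path for _, path in recent]
    return False, None, []


if __name__ == "__main__":
    alert, started, files = detect_burst(parse_events(SAMPLE_EVENTS))
    print("ALERT" if alert else "clean", started, len(files))
```

The isolated 09:00 rename alone never trips the threshold; only the clustered renames at 10:00 do, which is the pattern worth paging someone for and isolating the host over.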
What Should you do?
Now, this is the million-dollar question. Under no circumstances should you pay the ransom. There is no guarantee your files will be recovered, or even that they will not be corrupted after they are decrypted. Your best bet is to contact your IT help desk or an outsourced IT company that deals with these types of incidents. If you are an advanced "IT" user, check out our blogs below to find out how to remove this virus, try to recover files, and prevent the Banjo Ransomware / Virus from getting into your network again.
How To Remove the Banjo Ransomware / Virus
Recover Banjo Ransomware / Virus Files
How to Prevent the Banjo Ransomware / Virus