Bam! Ransomware

This ransomware stealthily infiltrates systems and encrypts various data. During encryption, this malware appends the “.bam!” extension to the name of each file (for example, “sample.jpg” is renamed to “sample.jpg.bam!”). Following successful encryption, Bam! changes the desktop wallpaper.

The new wallpaper contains a message that details the encryption and encourages users to buy decryption software. It is currently unknown whether Bam! uses symmetric or asymmetric cryptography; in either case, file decryption requires a unique key. This key is stored on a remote server controlled by cyber criminals. Users are encouraged to pay a ransom in exchange for a decryption tool with the key embedded within. To receive this, victims must supposedly contact cyber criminals via one of the email addresses provided.


The infection process of the Bam! ransomware virus begins with a simple click by the victim. This click can be on a file that is uploaded online, such as:
1. Fake installers of a program you may have been looking to download for free (media player, torrent downloader client, etc.)
2. Fake license activators or key generators that, instead of activating a program, cause the infection.
3. In addition to this, the ransomware virus may be spread via what is known as malspam, or malicious e-mail spam. Such messages are often sent to victims under the pretext that they are an important invoice, a receipt from the bank or a notification of suspicious bank activity. These e-mails may contain an e-mail attachment that is actually the infection file.

Targeted files can be dropped in these locations with different names, usually those of common Windows services:
%AppData%: notepad.exe
%Temp%: setup.exe
%Roaming%: svchost.exe
%Common%: update.exe
%System32%: software-update.exe
%{userprofile}%: random-alphanumeric.exe or some valid application name

It may also delete system backup and disable system recovery.
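A triage sketch for the indicators described above (the appended ".bam!" extension and the listed drop locations), added here as an example and not taken from the vendor's tooling. The mapping of each %variable% to a path fragment and the sample paths are assumptions made for this example.

```python
import ntpath

RANSOM_EXT = ".bam!"  # extension the page says is appended to encrypted files

# (file name -> directory fragment) pairs taken from the page's drop-location list.
# Mapping each %variable% to a path fragment is an assumption of this example;
# the %Common% and %{userprofile}% rows are omitted because the page does not
# say which directory or file name they resolve to.
DROP_PAIRS = {
    "notepad.exe": "\\appdata\\",
    "setup.exe": "\\temp\\",
    "svchost.exe": "\\appdata\\roaming\\",
    "software-update.exe": "\\windows\\system32\\",
}


def classify(path):
    """Return (finding, detail) for one Windows path, or None if nothing matches."""
    lowered = path.lower()
    name = ntpath.basename(lowered)
    if name.endswith(RANSOM_EXT) and len(name) > len(RANSOM_EXT):
        # Encrypted file: the original name is what precedes the appended extension.
        return ("encrypted", ntpath.basename(path)[: -len(RANSOM_EXT)])
    fragment = DROP_PAIRS.get(name)
    if fragment and fragment in lowered:
        return ("possible_dropper", name)
    return None


def triage(paths):
    """Group a file listing into encrypted files and possible dropper binaries."""
    report = {"encrypted": [], "possible_dropper": []}
    for p in paths:
        hit = classify(p)
        if hit:
            report[hit[0]].append(p)
    return report


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Pictures\sample.jpg.bam!",
    r"C:\Users\alice\AppData\Roaming\svchost.exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\alice\AppData\Local\Temp\setup.exe",
    r"C:\Windows\notepad.exe",
]

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE).items():
        print(kind, hits)
```

A "possible_dropper" hit is only a lead: legitimate installers also run as setup.exe from a temp directory, so confirm with the file's signature and hash before acting on it.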

The .bam! file virus aims to attack only specific files on the infected computer, most importantly:

Audio files.
Virtual Drives.

Max Secure software has just launched the cryptomonitor tool, which can completely prevent any crypto-ransomware from infecting your computer and encrypting data. Get it from here: Max Total Security
