BrainLag Ransomware

BrainLag Ransomware is a new infection that apparently belongs to the Hidden Tear family. Our research team is still analyzing this threat to learn whether or not it is still in development, and if anything changes, we will update this report. At this point in research, the ransomware does not look developed because even though it can encrypt files, it does not ask for a ransom. Of course, it is possible that this malware was created only to encrypt the files, in which case, it truly is devious. On the other hand, even when victims are introduced to the option of paying the ransom and supposedly getting a decryptor, in reality, the exchange is fictitious. In most cases, the money is transferred, but the decryptor is not offered. Needless to say, if this ransomware has slithered into your operating system, your files might be lost. Although it was found that the malicious BrainLag Ransomware removes itself, you might have to erase some leftovers. Continue reading to learn how to do that, as well as how to protect yourself against other ransomware infections.

As you now know, BrainLag Ransomware belongs to the Hidden Tear family, but did you know that hundreds of other infections alike belong to it as well? Oxar Ransomware and RanRans Ransomware are a few that our research team has reported just recently. The thing is that one single source code can be used to build multiple threats, and, unfortunately, that source code is available to anyone. Once the infection is built, it has to be distributed, and, in most cases, a misleading spam email is used to carry the launcher as a file attachment. If he receiver of the spam email opens the file, the infection is executed. Once BrainLag Ransomware is executed on the PC, it encrypts files (most likely using an AES cipher) and attaches a unique extension (.xdxdlol) to their names. The threat also creates files called “bg.jpg” and “local.exe” (both placed in %HOMEDRIVE%\user\Folder). The .JPG file is used as the Desktop wallpaper, which shows a Grim Reaper icon along with the “Infected By BrainLag” message. Another file that the infection creates can be found on the Desktop, and it is called “read_me.txt.” This text file represents a short message informing that your computer was “hacked” and that your files were encrypted. If there is no other information, you can go ahead and delete all of these files.

What if BrainLag Ransomware offered a way out? If the infection offers a decryptor that allegedly could decrypt all of your files, you have to be mindful. As mentioned already, it is not likely that a decryptor would be offered to you if you transferred money to the cyber criminals’ Bitcoin Wallet. What other options do you have? If copies of your files are backed up, you should be able to access them after you delete BrainLag Ransomware. Alternatively, legitimate file decryptors exist. Unfortunately, they are rarely capable of deciphering the encryption keys used by ransomware, but, of course, if you have no other option, you should check this out. If all fails, you might have to count your losses. Hopefully, this infection has not invaded your operating system yet, and you still can protect your files against it. The first thing you should do is set up a backup. Do not rely on a system restore point because many infections can override it. Also, since new infections emerge every day, it is naive to say that you can protect your operating system against new invasions in the future. However, if your files are safe, you do not need to fear the consequences.

BrainLag Ransomware should remove itself from the operating system once it is done, but copies of the malicious launcher, as well as all ransom files can prevail. We have prepared a guide that shows how to delete BrainLag Ransomware leftovers, but you MUST run a full system scan afterward because we cannot guarantee that you will successfully erase this threat on your own. What if leftovers are found? A legitimate anti-malware tool should be able to detect and remove them right away. After all, you need a reliable anti-malware tool to protect your operating system anyway, and so this is a time as good as any to install it.

BrainLag Ransomware Removal

1. Examine the operating system for malicious files (make sure you analyze them before deleting them).
2. Right-click and Delete these suspicious files.
3. Also, Delete the ransom note file called read_me.txt on the Desktop.
4. Launch Windows Explorer (tap Win+E keys).
5. Enter %HOMEDRIVE% into the bar at the top to access this directory.
6. Delete the folder named user (before deleting it, open to see if it hosts the sub-folder named Folder that has bg.jpg and local.exe files inside).
7. Empty Recycle Bin and then perform a full system scan.