BandarChor is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on March 1, 2016, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: Rakhni 2015.
Quick Facts
Ransomware Family
BandarChor
First Seen
March 1, 2016
Known Aliases
Rakhni 2015
How BandarChor Ransomware Works
Targeted Files
Full extension -> .id-[ID]_[email_address]
Autoruns.zip.id-6200928511_bingo@opensourcemail.org
https://www.bleepingcomputer.com/news/security/new-bandarchor-ransomware-variant-spreads-via-malvertising-on-adult-sites/
Requires C&C (can be launched with FakeNetNG)
https://github.com/aboveaboutbelow/BandarChorFileRestorer/blob/master/FileRestorer.py
File Encryption Patterns
BandarChor modifies encrypted files using specific patterns to mark them as encrypted:
This BandarChor ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like BandarChor.