Ransomware Research
BiBi Ransomware
BiBi is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on October 1, 2023, this ransomware has been actively targeting systems worldwide.
Quick Facts
- Ransomware Family
- BiBi
- First Seen
- October 1, 2023
How BiBi Ransomware Works
Targeted Files
https://tria.ge/231031-reh7eshd5t/behavioral2 https://www.securityjoes.com/post/bibi-linux-a-new-wiper-dropped-by-pro-hamas-hacktivist-group https://www.linkedin.com/pulse/bibi-wiper-gaza-war-now-goes-windows-dmitry-bestuzhev-yftze https://www.bleepingcomputer.com/news/security/new-bibi-linux-wiper-malware-targets-israeli-orgs-in-destructive-attacks/
File Encryption Patterns
BiBi modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
./\.[bB][iI1][bB][iI1][0-9]{1,5}$/
Technical Indicators
Associated Executable Files
The following executable files are associated with BiBi ransomware:
bibi.exe
bibi.exe.dnr
Elastio Can Help You
Don't let BiBi ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This BiBi ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like BiBi.
Last updated: July 30, 2025