The Brotherhood Ransomware

What is The Brotherhood Ransomware?

The Brotherhood Ransomware is a file-encrypting threat our researchers encountered recently. According to them, it is doubtful the malicious application is being distributed yet as they believe it is still in the development stage. If you read the rest of our article, we will explain to you why we think the malware is not finished yet and how it works at the moment. What’s more, at the end of this article you should find our prepared deletion instructions. They might help users to get rid of The Brotherhood Ransomware if the hackers start distributing it. However, it is essential to understand the given steps might not necessarily work because if the malicious application ever gets finished, its working manner could change as well, for example, it could place data on the system that we would not expect to see at the moment of writing. Therefore, it might be safer to use a legitimate antimalware tool instead.test

Where does The Brotherhood Ransomware come from?

So far it does not look like The Brotherhood Ransomware belongs to any known ransomware families. Also, as we mentioned earlier, it is somewhat doubtful the malware is being spread yet. On the other hand, if it ever gets upgraded and the hackers decide to distribute it, we think they would choose either Spam emails or unsecured RDP connections since the two mentioned channels are the most popular ways to spread malicious applications like ransomware. This is why anyone who would like to protect their system against similar threats is advised to stay away from questionable email attachments and to make sure the system has no weaknesses (e.g., outdated software, weak passwords, and so on.).

How does The Brotherhood Ransomware work?

Our researchers at confirmed the malware has the ability to encrypt files. Nonetheless, it seems it can only affect data in the %USERPROFILE%\Documents for now. Files located there are enciphered by the malicious application with a strong encryption algorithm known as AES-256. To mark such files, The Brotherhood Ransomware should add the .ransomcrypt extension to each file, for example, picture.jpg.ransomcrypt, document.txt.ransomcrypt, etc. Afterward, it is supposed to create a picture named RansomNote.jpg. The text on it might look like a normal ransom note at first, but if you read it carefully, you should notice the price for decrypting user’s data is one hundred Bitcoins. Currently, even a single Bitcoin is worth more than seven thousand US dollars. Obviously, one hundred Bitcoins would be a ridiculously huge some most of users would be unable to pay. Beside the fact the malware encrypts only a small part of files that could be located on the computer, the huge prices is the other main reason we believe The Brotherhood Ransomware is still under the development stage.

How to erase The Brotherhood Ransomware?

The instructions available below will explain how the malware could be erased manually the way it is now. In other words, if The Brotherhood Ransomware is ever finished and distributed it is entirely possible completing these steps might not eliminate it entirely. This is why we would recommend using a legitimate antimalware tool instead.

Eliminate The Brotherhood Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Select Task Manager.
  3. Search for the threat’s process.
  4. Select this process and click End Task.
  5. Leave Task Manager.
  6. Tap Windows key+E.
  7. Navigate to the following paths:
  8. Find the file that infected the device.
  9. Right-click the malicious file and press Delete.
  10. Locate the malware’s ransom note (RansomNote.jpg), right-click it and press Delete.
  11. Close File Explorer.
  12. Empty your Recycle bin.
  13. Restart the system. 100% FREE spyware scan and
    tested removal of The Brotherhood Ransomware*

Stop these The Brotherhood Ransomware Processes:

TheBrotherHood Ransomware.exe

Remove these The Brotherhood Ransomware Files:

TheBrotherHood Ransomware.exe

Leave a Comment

Enter the numbers in the box to the right *