Discovered by Jakub Kroustek, BandarChor is a new variant of the high-risk ransomware called CryptFile2. Once it has infiltrated a system, BandarChor encrypts most stored data, rendering it unusable. During the encryption process, BandarChor appends the extension "id-[ID_of_victim]-[email@example.com].pip" to file names.
For example, "sample.jpg" can be renamed to a file name such as "sample.jpg.id-9415415956295813-[firstname.lastname@example.org].pip". Once the data is encrypted, BandarChor opens a pop-up window containing a ransom message.
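The renaming scheme above is the most reliable on-disk indicator a responder has while the cipher itself is still unknown. The following Python is an added example, not code from the original article or from any analysis tool it mentions: it parses file names against that scheme (original name, numeric victim ID, contact address in square brackets, ".pip" suffix), then summarises a file listing so that every affected file, victim ID and contact address is counted. The regular expression and the sample listing are assumptions built from the single example name in the text; the ID is treated as a run of digits and the address is matched loosely so that other mailboxes still trigger.

```python
import re
from collections import Counter

# Hypothetical pattern derived from the naming scheme the article describes:
#   <original name>.id-<victim id>-[<contact e-mail>].pip
# Assumptions: the victim id is numeric, the e-mail sits in square brackets.
BANDARCHOR_NAME_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>\d+)-\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.pip$",
    re.IGNORECASE,
)


def parse_encrypted_name(path):
    """Return (original_name, victim_id, email) when the last path component
    matches the BandarChor scheme, otherwise None. Works for '/' and '\\' paths."""
    name = re.split(r"[\\/]", path)[-1]
    m = BANDARCHOR_NAME_RE.match(name)
    if not m:
        return None
    return m.group("original"), m.group("victim_id"), m.group("email")


def triage(paths):
    """Summarise a file listing: how many names look encrypted, which victim
    ids and contact addresses appear, and which original names were hit."""
    hits = []
    for p in paths:
        parsed = parse_encrypted_name(p)
        if parsed:
            hits.append((p,) + parsed)
    return {
        "encrypted_count": len(hits),
        "victim_ids": Counter(h[2] for h in hits),
        "emails": Counter(h[3] for h in hits),
        "originals": [h[1] for h in hits],
    }


# Constructed sample listing (not real data): the name from the article, two
# further hits sharing its id and address, and files that must not match.
SAMPLE_PATHS = [
    "/srv/share/sample.jpg.id-9415415956295813-[firstname.lastname@example.org].pip",
    "/srv/share/report.docx.id-9415415956295813-[firstname.lastname@example.org].pip",
    "C:\\Users\\alice\\notes.txt.id-9415415956295813-[firstname.lastname@example.org].pip",
    "/srv/share/readme.txt",
    "/srv/share/archive.pip",                            # a bare .pip is not enough
    "/srv/share/photo.png.id-abc-[x@example.org].pip",  # id must be numeric
]

if __name__ == "__main__":
    summary = triage(SAMPLE_PATHS)
    print(summary["encrypted_count"], "encrypted-looking files")
    for vid, n in summary["victim_ids"].items():
        print("victim id", vid, "seen", n, "times")
    for addr, n in summary["emails"].items():
        print("contact address", addr, "seen", n, "times")
```

Because the scheme embeds the same victim ID in every renamed file, a single ID spread across many hosts in a `triage` run points to one infection fanning out over shared storage rather than several independent ones, which is worth knowing before any restore from backup begins.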
The message informs victims of the current situation: the data is encrypted and can only be restored with a unique decryption key. Unfortunately, this information is accurate. It is currently unknown which cryptography (symmetric or asymmetric) BandarChor uses. In any case, decryption requires a unique key generated individually for each victim.
All keys are stored on a remote server controlled by the cybercriminals (the developers of BandarChor). Each victim must pay a ransom to obtain their key. The cost is not specified; all details are provided via e-mail. Note, however, that cybercriminals usually ask for between 0 and ,500 in Bitcoin, Monero or another cryptocurrency.