BASS-FES asks for 1 BTC for data recovery

BASS-FES (BitchASS File Encryption System) is a ransomware-type cyber threat that is based on the HiddenTear project. The virus uses AES cryptography[1] and appends the .basslock file extension to the encrypted files. Then it drops a ransom note called “the BASS the File the Encryption the Service Notice.txt” on the affected computer’s desktop.
The crypto-malware is most likely to infiltrate the device when a user opens an infected email attachment. When malware’s payload is installed and executed, the BASS-FES virus starts scanning the system looking for the targeted files. It aims at the most popular file types, such as Word documents, PDFs, various image, audio or video files, databases, and much more to make ransomware attack a disaster.
When all files are locked with .basslock extension, the BASS-FES ransomware delivers a ransom note in TXT file and provides data recovery instructions. Victims have to transfer 1 Bitcoin to the provided Bitcoin wallet address and send an email to bitchasshole@protonmail.com:
File Recovery Notice by BitchASS File Encryption System (BASS-FES)
Your files have been successfully encrypted and backuped in the cloud storage by BASS File Encryption System.
If you want to recover your files, please send 1 BTC to the following adress: [deleted ]
If you sent 1 BTC to the adress, email at bitchasshole@protonmail.com with your Bitcoin adress.
However, paying the ransom is not recommended because it might end up with money loss. Criminals might blackmail you and ask to pay even more. Besides, there’s no guarantee that they have working decryptor and keep their word. Thus, security experts from Finland[2] suggest remaining calm and focusing on BASS-FES removal.
We want to warn that ransomware is a dangerous cyber threat that downloads numerous hazardous files to the system and might inject malicious codes into various system processes. Therefore, it’s important to wipe out malware carefully. In order to remove BASS-FES without damaging the system, you should use reputable malware removal tools, such as FortectIntego.

Criminals use multiple ways to spread the virus
Developers of the file-encrypting virus rely on malicious spam emails to spread malware executable hidden-tear.exe. These emails typically pretend to be sent from legit companies[3] and organizations that warn about a serious issue. Most of the time criminals trick people into opening fake invoices, statements, and similar documents.
However, BASS-FES might also pretend to be a legit software or its update. Usually, suspicious pop-ups trick users that their computers might be infected with a virus and suggest installing unknown security software.
Additionally, malware might be hidden in illegal downloads that are available on various freeware download sites or P2P networks. Therefore, users are advised to stay vigilant and avoid clicking, opening or downloading suspicious content.
BASS-FES elimination instructions and alternative recovery methods
Data encryption seems to the main problems after the ransomware attack. However, it’s more important to delete malicious components from the system in order to use a computer safely again. If you try to restore files from backups or use third-party tools, you might get your files encrypted again, so you have to remove BASS-FES first.
To wipe out malicious program safely, you have to obtain reputable malware removal software. For BASS-FES removal, we highly recommend scanning the system with FortectIntego or MalwarebytesMalwarebytes. If you cannot install or run security software, boot your computer to Safe Mode with Networking as shown below.
Was this guide helpful?
Be the first to comment