Dark Web Profile: Big Head Ransomware
A new ransomware called Big Head emerged in May 2023 and targets Windows users globally. There are multiple variants of Big Head, all designed to encrypt files and demand ransom payments. Big Head is distributed through malvertising campaigns that promote fake Windows updates and Microsoft Word installers. The ransomware installs encrypted files that propagate the malware, enable Telegram communication, and encrypt user data. Before encrypting files and replacing the victim's wallpaper with a ransom note, Big Head deletes backups, kills processes, checks for virtual environments, and disables the Task Manager. The identity of the threat actor is unknown, but details point to an Indonesian origin. Researchers who analyzed Big Head found basic encryption methods, weak evasion techniques, and predictable strings, which suggests inexperienced developers, but the malware continues to be enhanced.
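The pre-encryption behaviours listed above (backup deletion, process killing, disabling Task Manager) can be correlated per host in endpoint telemetry so that an alert fires before files are encrypted. The following Python is an added example, not code from the researchers or the original profile; it flags hosts where at least two of those behaviours occur within a short window. The page does not say which mechanisms Big Head uses, so the command strings are assumed common Windows mechanisms, and the events and host names are constructed.

```python
from datetime import datetime, timedelta

# Assumed indicators per behaviour (common Windows mechanisms, not taken from the page).
BEHAVIOURS = {
    "backup_deletion": ("vssadmin delete shadows", "wmic shadowcopy delete", "wbadmin delete"),
    "process_kill": ("taskkill",),
    "taskmgr_disabled": ("disabletaskmgr",),
}

# Constructed sample telemetry: (timestamp, host, command line or registry write).
SAMPLE_EVENTS = [
    ("2023-07-10T09:00:05", "ws-01", "vssadmin delete shadows /all /quiet"),
    ("2023-07-10T09:00:09", "ws-01", "taskkill /f /im sqlservr.exe"),
    ("2023-07-10T09:00:14", "ws-01",
     r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
     r" /v DisableTaskMgr /t REG_DWORD /d 1 /f"),
    ("2023-07-10T09:30:00", "ws-02", "taskkill /f /im notepad.exe"),
    ("2023-07-10T08:00:00", "ws-03", "vssadmin delete shadows /all /quiet"),
    ("2023-07-10T11:45:00", "ws-03", "taskkill /f /im excel.exe"),
]

def classify(text):
    """Map one event string to a behaviour name, or None if it matches nothing."""
    lowered = text.lower()
    for name, needles in BEHAVIOURS.items():
        if any(needle in lowered for needle in needles):
            return name
    return None

def hosts_with_precursor_chain(events, window=timedelta(minutes=5), threshold=2):
    """Return {host: behaviours} where >= threshold distinct behaviours share one window."""
    per_host = {}
    for ts, host, text in events:
        behaviour = classify(text)
        if behaviour:
            per_host.setdefault(host, []).append((datetime.fromisoformat(ts), behaviour))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            # Distinct behaviours seen from this event until the window closes.
            seen = {b for t, b in hits[i:] if t - start <= window}
            if len(seen) >= threshold and len(seen) > len(alerts.get(host, ())):
                alerts[host] = sorted(seen)
    return alerts

if __name__ == "__main__":
    for host, found in hosts_with_precursor_chain(SAMPLE_EVENTS).items():
        print(host, found)
```

A single `taskkill` (ws-02) or two behaviours hours apart (ws-03) do not alert; the window and threshold are tuning parameters to adjust against local baseline activity.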