TrendMicro analyzes the technical details of a new ransomware family named Big Head.
Big Head, first seen in May 2023, has at least three variants, all designed to encrypt files on victims' machines to extort money, like other ransomware families. One Big Head variant displays a fake Windows Update screen while it runs, which suggests the ransomware was also distributed disguised as a Windows Update. Another variant carries a Microsoft Word icon and was likely distributed as counterfeit software.
The ransom note indicates that the malware developer uses both email and Telegram to communicate with victims. Searching for the Telegram username given in the note led TrendMicro to a YouTube account. The account is relatively new, having joined on April 19, 2023, with a total of 12 published videos as of this writing. The channel showcases demonstrations of the malware the cybercriminals operate, and a pinned comment on each video explicitly states their Telegram username. TrendMicro also checked the Bitcoin wallet history and found transactions made in 2022, indicating this ransomware may have been operational, possibly under a different name, since then.