HOMETHREATSBI_D Ransomware
MALWARE FAMILY💰 FINANCIALHIGH

BI_D Ransomware

Internal ID: win.bid_ransomware
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

Small and relatively simple ransomware for Windows. Gives files the .BI_D extension after encrypting them with a combination of RSA/AES. Persistence achieved via the Windows Registry. Kills all processes on the victim machine besides itself and a small whitelist of mostly Windows sytem processes and kills shadow copies.

Threat Analysis

BI_D Ransomware is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.

Financially motivated threat actors like BI_D Ransomware prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

With high sophistication, BI_D Ransomware is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.

External References

Quick Facts

TypeMalware Family
Motivation💰 financial
Sophisticationhigh
Aliases1

Also Known As

win.bid_ransomware

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
BI_D Ransomware — Malware Family | Threat Intelligence | CTIWATCH.COM