Infected with Blind Ransomware? Need to decrypt your files?
What is Blind Ransomware
Blind Ransomware is cryptoviral extortion, that uses RSA and AES algorithms to encrypt user data. This particular ransomware appends .blind and .kill suffixes to compromised files. It also adds developers e-mail to the filenames: email@example.com or firstname.lastname@example.org. Usually, malware attacks files, that represent value for the user – documents, presentations, photos, video, music. After finishing encoding files, Blind Ransomware creates following file: How_Decrypt_Files.hta with following contents:
All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail email@example.com
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
Also you can find other places to buy Bitcoins and beginners guide here:
Your personal identification number:
Virus then demands 0.5 BitCoins to restore your files and offers users to contact them via e-mail. It is not recommended to pay the hackers, as you can put your bank details at risk, and there is no guarantee decryptor will be sent. Despite the fact, that there is currently no decryption tool available you can use tutorial on this page to remove Blind Ransomware and restore .blind or .kill files manually.
How Blind Ransomware infected your PC
Blind Ransomware usually infects your PC through infected email attachments (be careful, as cyber criminals usually mask their spam malicious emails with attachments into Ebay email or any other popular trusted website), fake software updaters and trojans – that’s why good anti-viruses is vitally important to avoid ransomware threat. You can also get this ransomware on file sharing networks, including torrent files. Ransom is asked to be paid in BitCoins, that also makes the task difficult for the police, as user in this network are often anonymous. Encryption starts in the background. Way to protect your computer from such threats is to use antiviruses with crypto-protection like HitmanPro.Alert with CryptoGuard.
First of all don’t panic. Follow these easy steps below.
1. Start your computer in Safe Mode with networking. To do that, restart your computer, before your system starts hit F8 several times. This will stop system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the Blind Ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.
SpyHunter 4 – fully removes all instances of Blind Ransomware – files, folders, registry keys.
Step 2: Remove following files and folders of Blind Ransomware:
Remove following registry entries:
Remove following files:
How to decrypt files infected by Blind Ransomware (.blind and .kill files)?
Use automated decryption tools
There is ransomware decryptor from Kaspersky that can decrypt .blind and .kill files. It is free and may help you restore .blind and .kill files encrypted by Blind Ransomware virus. Download it here:
You can also try to use manual methods to restore and decrypt .blind and .kill files.
Decrypt .blind and .kill files manually
Restore the system using System Restore
Although, latest versions of Blind Ransomware remove system restore files, this method may help you to partially restore your files. Give it a try and use standard System Restore to revive your data.
- Initiate the search for ‘system restore‘
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged (in our case – Blind Ransomware by Blind Ransomware). This feature is available in Windows 7 and later versions.
- Right-click the file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore
Restore .blind and .kill files using shadow copies
- Download and run Shadow Explorer.
- Select the drive and folder where your files are located and date that you want to restore them from.
- Right-click on folder you want to restore and select Export.
- Choose export location and view restored files.
Protect your computer from ransomware
Most modern antiviruses can protect your PC from ransomware and crypto-trojans, but thousands of people still get infected. There are several programs that use different approach t protect from ransomware and lockers. One of the best is HitmanPro.Alert with CryptoGuard. You may already know HitmanPro as famous cloud-based anti-malware scanner. Check out ultimate active protection software from SurfRight.
Information provided by: Alexey Abalmasov