Infected with BadNews Ransomware? Need to decrypt your files?
What is BadNews Ransomware
Recently, cryptoviruses are gaining the most distribution, in this article, we will examine one of them, which is called BadNews. Like many analogs, this virus encrypts user files and makes them unusable. In more detail, BadNews encrypts files and assigns them a new extension for this pattern: ID [victim’s_ID].BadNews. Files that are encrypted can be of different formats, for example, office documents, archives, photos or videos, PDF files and so on. After encryption, BadNews displays a pop-up that contains information about the redemption:
ALL DATA ON THIS PC HAS BEEN ENCRYPTED
To get the decryptor you should:
Send 1 test image or text file to BM-2cTAPjtTkqiW2twtykGm5mtocFAz7g5FZc@bitmessage.ch.
In the letter include your personal ID (look at the beginningof this document).
We will give you the decrypted file and say price fordecryption all files
after payment you will receive a decryptor and instructions
We can decrypt one file in quality the evidence that we have thedecoder.
Only BM-2cTAPjtTkqiW2twtykGm5cc0pyc@email@example.com can decryptyour files
Do not trust anyone BM-2cTAPjtTkqiW2twtykGm5mtocFAz7g5FZc@bitmessage.ch
Attempts to self-decrypting files will result in the loss ofyour data
Decoders for other IDs are not compatible with your ID data,because each user’s unique encryption key
According to the contents of the note, it becomes clear that scammers try to avoid prosecution under the law, so they need to contact them via e-mail and pay ransom in the cryptocurrency. The amount of redemption is not specified, but it can be with full confidence that it can reach several thousand dollars. Of course, you do not need to pay, because the main task of scammers is to get your money. We strongly recommend that you read our recommendations to remove BadNews and decrypt your files.
Update: Use following service to identify the version and type of ransomware you were attacked by: ID Ransomware. If you want to decrypt your files, please follow our instruction below or, if you have any difficulties, please contact us: firstname.lastname@example.org. We really can help to decrypt your files.
How BadNews infected your PC
The lion’s share of penetrations is due to insecurity of network settings, moreover, users use free versions of antiviruses or completely, neglect them, which makes their computers vulnerable, because BadNews can come as an attachment to spam mailing or as a false update for a program. Whatever it was, you need to remove BadNews right now using our guides.
First of all, don’t panic. Follow these easy steps below.
1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will stop system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the BadNews virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.
Norton is a powerful removal tool. It can remove all instances of newest viruses, similar to BadNews – files, folders, registry keys.
*Trial version of Norton provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Norton.
You may find more detailed information about antivirus products in our article – Top 5 Antivirus Software for Windows
Restore your files using shadow copies
- Download and run Stellar Data Recovery.
- Select type of files you want to restore and click Next.
- Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
- Once the scanning process is done, click Recover to restore your files.
Step 2: Remove following files and folders of BadNews:
Related connections or other entries:
How to decrypt files infected by BadNews?
You can try to use manual methods to restore and decrypt your files.
Decrypt files manually
Restore the system using System Restore
Although latest versions of BadNews remove system restore files, this method may help you to partially restore your files. Give it a try and use standard System Restore to revive your data.
- Initiate the search for ‘system restore‘
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged. This feature is available in Windows 7 and later versions.
- Right-click the file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore
Protect your computer from ransomware
Most modern antiviruses can protect your PC from ransomware and crypto-trojans, but thousands of people still get infected. There are several programs that use different approach t protect from ransomware and lockers. One of the best is HitmanPro.Alert with CryptoGuard. You may already know HitmanPro as famous cloud-based anti-malware scanner. Check out ultimate active protection software from SurfRight.
Written by Rami Douafi