Geek's Advice

BNFD ransomware encrypts your files

BNFD is a new member of the Matrix ransomware family that aims to deny user’s access to personal files. After doing so, it creates a ransom note called BNFD_README.rtd that contains information about the cyberattack. The files affected by the virus can be identified quite easily since they are renamed during the encryption process. The malware replaces the original file name with the Benford333@criptext.com email address and a string of random characters. Extension .BNFD is also added at the end, so, for example, a file named A.docx might be changed to [Benford333@criptext.com].CbWbBGLK-4QWdd6bX.BNFD after the encryption process is carried out.

This guide explains modus operandi of this ransomware, its distribution and prevention methods, as well as complete removal guide.

Contents of the ransom note

Like other members of the Matrix malware family, BNFD virus drops a ransom note in every affected folder of your system. The contents of the message are unambiguous – it contains the main information about what has been done to your system and how to revert these changes.

The message states that your files have been encrypted using AES-256 + RSA-2048 cryptography algorithms. This basically means that the corrupted data is encoded using symmetric as well as asymmetric encryption methods. To put it more simply, these ciphers are considered to be military-grade so breaking them manually is basically impossible – AES and RSA cryptography have been created to safely transmit information.

Each encryption case creates a unique BNFD decryption key – the only real way to regain access to corrupted files is by having this key in your possession. However, in most crypto-malware infection cases the cybercriminal has this key and uses this circumstance to extort the victim for money. The message also presents instructions on how to contact the hackers in order to regain access to the data.

After contacting one of the ransomware developers’ emails ([Benford333@criptext.com], [Benford333@protonmail.com] or [Benford333@tutanota.com]), the victim will be presented with an opportunity to test the decryption method. The user is urged to send 3 encrypted files that do not have any valuable information in it to receive them back decrypted. It is important to remember, that this tactic is used to trick the user into thinking that the regained access to his files is reachable by hand.

Do not pay the ransom!

However, no matter how much cyber criminals try to convince you, you should never follow their instructions, make a contact with them, or pay the ransom. This is due to a couple of reasons. Firstly, most of the ransomware developers cannot be trusted. There are numerous cases when the victim is scammed even after making the initial payment. For example, they could charge you even more if they see a window of opportunity to extort you more. Keep in mind, that BNFD ransomware developers are completely profit-driven.

Secondly, meeting hackers’ demands is not solving any problems when looking at the bigger picture. As long as they have victims that pay them money, ransomware creators will continue to develop new variants of the malware. By refusing to pay them, you do the most reasonable thing in this kind of situation.

Ransomware distribution methods

If you are wondering how you managed to get infected by BNFD, you could argue that there are a couple of most probable pathways. Firstly, the malspam campaigns are often used to proliferate various types of malware. To explain it shortly, this is a simple social-engineering scheme that typically contains a simple method – sending large amounts of deceitful emails to random internet users in order to trick them into clicking a malicious link inside of the email or opening a file attached to it. Once this is done, the virus tries to penetrate your system’s security.

The second method, which is widely used by cybercriminals to proliferate their malware is attaching/including them to other files in untrustworthy download sites or file-sharing platforms. For example, downloading a supposedly free Adobe Photoshop program from a Torrent site might expose you to a cyberattack and cause harmful consequences. To be frank, there is no shortage of creativity when talking about hackers’ ability to find new ways to trick ordinary users into downloading their malware. It might be disguised as a software activation tool, crack, keygen, or other types of software.

Avoid getting infected

To prevent your system from suffering cyberattacks such as exposure to BNFD virus, you need to remember a couple of basic things when using the internet. Firstly, do not use untrustworthy download sites and file-sharing platforms. The potential damage to your system far outweighs the supposed benefit – this is the case most of the time.

Secondly, pay close attention when using your email – spam-recognizing algorithms are getting better every day, but a deceitful email might still get inside your main inbox. Never open or interact with suspicious-looking messages, especially with links or files inside of them.

And most importantly – regularly create backups – it is the most effective measure that could be taken when trying to protect yourself from exposure to cyberattacks.

Remove BNFD ransomware

To deal with a ransomware infection, you will need to use robust and trustworthy anti-malware software. Usually, this process is no easy feat, fortunately enough we have a guide down below on how to do it. Of course, you should take immediate action to remove BNFD ransomware from your PC since it does even more extensive damage.

After the complete removal, you will be able to use your back-up (provided that you have one) and restore any other damage done to your system. A perfect tool for this job is RESTORO – it will ensure that your system is working properly. To complete BNFD ransomware removal, follow the steps below:

OUR GEEKS RECOMMEND

Our team recommends removing malware using a professional antivirus software and then using the following tool to repair virus damage to Windows system files:

REPAIR VIRUS DAMAGE TO YOUR COMPUTER

DOWNLOAD RESTORO

RESTORO provides a free scan that helps to identify hardware, security and stability issues and presents a comprehensive report which can help you to locate and fix detected issues manually. It is a great PC repair software to use after you remove malware with professional antivirus. The full version of software will fix detected issues and repair virus damage caused to your Windows OS files automatically.

RESTORO uses AVIRA scanning engine to detect existing spyware and malware. If any are found, the software will eliminate them.

Read full review here.

GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more.

Alternative software recommendations

Malwarebytes Anti-Malware

Removing spyware and malware is one step towards cybersecurity. To protect yourself against ever-evolving threats, we strongly recommend purchasing a Premium version of Malwarebytes Anti-Malware, which provides security based on artificial intelligence and machine learning. Includes ransomware protection. See pricing options and protect yourself now.

System Mechanic Ultimate Defense

If you're looking for an all-in-one system maintenance suite that has 7 core components providing powerful real-time protection, on-demand malware removal, system optimization, data recovery, password manager, online privacy protection and secure driver wiping technology. Therefore, due to its wide-range of capabilities, System Mechanic Ultimate Defense deserves Geek's Advice approval. Get it now for 50% off. You may also be interested in its full review.

Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.

Matt Corey

Matt Corey is passionate about the latest tech news, gadgets and everything IT. Matt loves to criticize Windows and help people solve problems related to this operating system. When he’s not tinkering around with new gadgets he orders, he enjoys skydiving, as it is his favorite way to clear his mind and relax.