Banta Ransomware

Posted by Sarah Stewart on August 28, 2019

What is Banta Ransomware?

Banta Ransomware is one of those annoying infections that seemingly do not appear to be special, but they can still encrypt your files and leave you hanging. If we want to mitigate the damage caused by such intruders, we have to make sure that our files are backed up either on an external hard drive or some virtual storage. You see, it is not hard to remove Banta Ransomware from the infected system, but it might be quite challenging to get all your files back. Therefore, if you need more help with file recovery, do not hesitate to address a professional.

Where does Banta Ransomware come from?

Banta Ransomware clearly uses the same ransomware distribution channels as its predecessors. This ransomware comes from the same group of infections as Phobos Ransomware, Dharma Ransomware, Kiratos Ransomware, and many others. They all look similar, and it is very likely that they use the same code, that is tweaked to make those programs look slightly different.

Perhaps the main difference between these programs is the extension that they all add to the names of the files that they encrypt. However, the route these programs take to access victim computers must be similar. Therefore, we believe that Banta Ransomware also arrives through spam email attachments. The problem here is that users download and open those attachments willingly. They think that the files are important documents. Spam email that delivers ransomware looks sophisticated, and it is easy to mistake them for invoices from online stores or reports from reputable institutions.

Here, we have to remember that it is always possible to check whether the files you have recently downloaded are safe or not. Simply scan the files with a security tool of your choice. This should give you a heads up, and it would also prevent ransomware infections from entering your computer.

What does Banta Ransomware do?

As mentioned, this program is your regular ransomware infection, so it will do everything a “normal” ransomware app would do. It encrypts files in the %USERPROFILE%, %APPDATA%, %HOMEDRIVE%, and the %PROGRAMFILES% directories. It basically means that everything aside from your system files gets encrypted. The infection should also block you from running most of the programs that you have installed on your computer.

Once the encryption is complete, all the affected files will have a long extension added to them. The extension will have the word “banta” in it, as well as a long ID that the infection gives to every single affected system. Notably, each affected system gets a unique ID. This ID is used to identify systems so that the criminals behind this infection would know which system requires a decryption key.

Speaking of which, Banta Ransomware tells you about the methods to purchase the decryption key in the ransom note that is dropped on your Desktop. Here’s what the ransom note has to say:

!!!All of your files are encrypted!!!
To decrypt them send e-mail to this address: bytens@cock.li
If we don’t answer in 24h, send e-mail to this address: backuping@protonmail.com

The ransom note doesn’t say anything about the fee or what you should do if neither of the email addresses works. Either way, you shouldn’t even think of paying the ransom because there is no guarantee that these criminals would issue the decryption key.

True, Banta Ransomware is not decryptable as of yet. However, seeing that it comes from a big family of ransomware infections, it is very likely that a public decryption tool will be developed soon enough. What’s more, if you can get copies of your files from a backup or from some other storage, you do not need to hesitate any longer. Simply focus on removing Banta Ransomware and be done with it.

How do I remove Banta Ransomware?

This program doesn’t delete itself upon installation, so you need to remove the file that launched the infection. You can follow the manual removal instructions you will find below this description. On the other hand, if you do not feel like dealing with this infection on your own, you can acquire a powerful security application that will remove Banta Ransomware and everything associated with it from your system automatically. While you are at it, you should also scan your PC for other potential threats.

Manual Banta Ransomware Removal

  1. Delete suspicious files from Desktop.
  2. Go to the Downloads folder.
  3. Remove the most recent files from the folder.
  4. Press Win+R and type %TEMP%. Click OK.
  5. Delete the most recent files from the directory.
  6. Scan your system with SpyHunter. 100% FREE spyware scan and
    tested removal of Banta Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *