BDDY Ransomware

Posted by Lisa Blanc on January 15, 2020

What is BDDY Ransomware?

BDDY Ransomware belongs to the Matrix Ransomware family. It encrypts various files that could be valuable and then shows warning messages that urge victims to contact the malware’s developers and pay for decryption tools. Hackers might sound convincing in their messages, but keep in mind that there are no guarantees that they will deliver what they promise even if you do what is told. Naturally, if you do not think you can risk losing your money in vain, we advise not to put up with any demands. If you have backup copies, you can replace encrypted files with them as soon as you erase BDDY Ransomware, and your computer becomes malware-free again. To learn how to delete the malicious application manually, you should check the instructions located below this text. Of course, if the process seems too challenging, you should not hesitate to leave this task to a legitimate antimalware tool of your choice.testtest

Where does BDDY Ransomware come from?

Currently, the most popular ways to spread threats like BDDY Ransomware are sending harmful attachments to victims or tricking them into launching malicious software installers, fake updates, and so on. Thus, to avoid similar malicious applications, our researchers at Anti-spyware-101.com recommend being cautious when receiving data from unknown senders or when downloading files from file-sharing websites. It is best not to interact with data if you are not one hundred present sure that it is harmless, but if you have to, you should scan it with a legitimate antimalware tool. If it appears to be dangerous, your antimalware tool should help you keep your system safe and remove the malicious file.

How does BDDY Ransomware work?

Once BDDY Ransomware infects a device, it should drop a randomly named .bat file in the %APPDATA% directory. When launched, this file should delete all shadow copies, which is done to ensure that a victim could not restore his data from such copies. At the same time, the malicious application should encrypt user’s personal files; for example, it could encipher photos, documents, videos, and so on. Files that are affected should be renamed and receive a specific extension. For instance, a picture titled roses.jpg could turn into [Buddy@criptext.com].DsACnPOx-QArL93PO.BDDY.

After encrypting all valuable files, the malware should change the user’s Desktop picture with a black image containing a text written in red. The message should say that all files were encrypted and that to learn how to pay to receive decryption tools, users have to email the BDDY Ransomware’s developers. Similar, but a longer text should be provided on documents called #BDDY_README#.rtf that ought to be dropped in all directories containing encrypted files. It is unclear what how much money the threat’s creators want to receive, but if you do not want to risk losing your savings no matter how huge or small the sum might be, we advise against contacting them.

How to erase BDDY Ransomware?

Deleting BDDY Ransomware manually might be a difficult task. That is because the threat’s launcher’s name should be random, and it is impossible to say where the malware might place it. Thus, while you could delete some of the malware’s files manually, you might still need to employ a reliable antimalware tool to eliminate BDDY Ransomware. If you need any help, keep in mind that the instructions available at the end of this article can guide you through the deletion process.

Eliminate BDDY Ransomware

  1. Click Ctrl+Alt+Delete.
  2. Pick Task Manager and select Processes.
  3. Locate a process belonging to the threat.
  4. Select it and click End Task.
  5. Exit Task Manager.
  6. Click Windows key+E.
  7. Locate these paths:
    %TEMP%
    %USERPROFILE%\Downloads
    %USERPROFILE%\Desktop
  8. See if you can find the malicious application’s launcher, right-click it, and select Delete.
  9. Navigate to: %APPDATA%
  10. Look for a randomly named .bat file (e.g., ph0cbAlq.bat), right-click it, and select Delete.
  11. Check the same location (%APPDATA%).
  12. Find a randomly named .bmp file (e.g., SdA4aP3O.bmp), right-click it, and select Delete.
  13. Locate documents called #BDDY_README#.rtf, right-click them separately, and select Delete.
  14. Exit File Explorer.
  15. Empty your Recycle Bin.
  16. Scan your computer with a legitimate antimalware tool to find and eliminate the malware’s leftovers.
  17. Restart the computer. 100% FREE spyware scan and
    tested removal of BDDY Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *