BDKR Ransomware

What is BDKR Ransomware?

The cyber criminals behind the older LockCrypt Ransomware have not stopped their work. Malware analysts have recently spotted BDKR Ransomware, which has turned out to be a new version of that malicious application. Specialists say it is quite destructive, but it shares the primary goal of its predecessor: it has been developed by cyber criminals to extort money from users. BDKR Ransomware not only encrypts personal files once it is launched but also drops a copy of itself to the %WINDIR% folder, next to system files, and creates a point of execution (PoE). As a consequence, it continues working in the background even after a system restart and kills all launched applications, which clearly shows that it is quite sophisticated malware. Luckily, it does not affect Task Manager, so you can delete BDKR Ransomware from your system manually. It is not a problem if you do not know anything about removing malicious software, because our specialists have prepared a step-by-step manual removal guide to make cleaning the system an easier task.

What does BDKR Ransomware do?

Once BDKR Ransomware is launched and has encrypted the personal files it discovers, it scatters its ransom note around the affected computer. The malicious application also creates a point of execution for one of the dropped ransom notes so that it is opened to users automatically. Surprisingly, the ransom note does not tell users that their files have been encrypted. Instead, it contains the following warning line: “Warning: all your files are infected with an unknown virus.” Users also find out what they can do to decrypt their files: “to decrypt your files, you need to contact at big_decryptor@aol.com.” Needless to say, the decryptor will not be given to you for free. You will have to pay for it in Bitcoin. The exact price of the decryptor is not indicated in the ransom note, but we can assure you that it will not be cheap. We also cannot promise that you will receive it, so, in our opinion, you should find an alternative way to recover your files; for example, you can use a backup. Also, some versions of LockCrypt Ransomware are already decryptable, which suggests that a decryptor compatible with BDKR Ransomware might be released too, so it might be smart to wait a little longer before deleting all encrypted files. No matter what you decide to do, the ransomware infection must be deleted from the system right away. Make sure no malicious components are left active on the system, because the infection might revive and lock more files on your PC.

Where does BDKR Ransomware come from?

Do all your personal files have a new .BDKR extension and a unique ID attached? If that is exactly what you see, they have been locked by BDKR Ransomware. Let’s talk about its distribution. Usually, it is distributed as a harmless-looking attachment via spam emails, which is quite a popular ransomware distribution method. It is probably only one of several ways it is spread, specialists say. According to them, you might encounter BDKR Ransomware if you use an RDP connection whose credentials are weak and can be easily cracked. Cyber criminals are constantly searching for weakly protected RDP connections so that they can drop malware on users’ computers. In some cases, they target only a certain group of computer users. Do not let yourself fall victim to malicious software: enable an antimalware tool on your system to prevent even the most harmful infections from entering it unnoticed.

How to delete BDKR Ransomware

While some ransomware infections can be disabled by erasing their launchers, i.e. the executable files that open them, you will have to put more effort into disabling BDKR Ransomware because it has more than one component. They all have to be erased from the affected computer to get rid of it. It is not a problem if you have never deleted a malicious application from your system; you should use our manual removal guide. Since the ransomware infection kills all launched applications, it might be impossible to clean the system using an automated malware remover. Unfortunately, not a single file will be unlocked on your computer even if you remove this infection fully.

BDKR Ransomware removal guide

  1. Press Ctrl+Shift+Esc to open Task Manager.
  2. Open Processes.
  3. Locate the process named after the malicious file launched.
  4. Kill it.
  5. Kill the process named searchfiles.exe.
  6. Close Task Manager and launch Run (tap Win+R).
  7. Type regedit and click OK.
  8. Move to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\.
  9. Delete two values: searchfiles and unlock.
  10. Close Registry Editor.
  11. Open Windows Explorer.
  12. Access %WINDIR%.
  13. Delete searchfiles.exe.
  14. Remove the ransom note How To Restore Files.txt from all affected directories.
  15. Delete all suspicious files you have downloaded/opened recently.
  16. Empty your Recycle Bin.
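
The registry, process and file checks from the guide above can also be run as a script. The following PowerShell is an added example, not part of the original guide: the `-Remove` switch and `-ScanRoot` parameter are names chosen here, and matching `*.BDKR*` is an assumption about where the unique ID sits in the file name.

```powershell
# Added example: looks for the BDKR artifacts named in the removal guide.
# Read-only by default; -Remove deletes what is found (needs an elevated prompt).
# -Remove and -ScanRoot are names chosen for this example.
param([switch]$Remove, [string]$ScanRoot = $env:USERPROFILE)

$runKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$dropped = Join-Path $env:WINDIR 'searchfiles.exe'
$found   = @()

# Step 5: the running copy. The launcher from step 3 has no fixed name,
# so it still has to be identified by hand in Task Manager.
$proc = Get-Process -Name 'searchfiles' -ErrorAction SilentlyContinue
if ($proc) {
    $found += "process searchfiles.exe (PID $($proc.Id -join ', '))"
    if ($Remove) { $proc | Stop-Process -Force }
}

# Steps 8-9: the two Run values the guide deletes.
$props = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
foreach ($name in 'searchfiles', 'unlock') {
    if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
        $found += "Run value '$name' = $($props.$name)"
        if ($Remove) { Remove-ItemProperty -Path $runKey -Name $name }
    }
}

# Steps 12-13: the copy dropped into %WINDIR%.
if (Test-Path -LiteralPath $dropped) {
    $found += "file $dropped"
    if ($Remove) { Remove-Item -LiteralPath $dropped -Force }
}

# Step 14: ransom notes under the scan root.
$notes = Get-ChildItem -LiteralPath $ScanRoot -Recurse -File `
    -Filter 'How To Restore Files.txt' -ErrorAction SilentlyContinue
foreach ($note in $notes) {
    $found += "ransom note $($note.FullName)"
    if ($Remove) { Remove-Item -LiteralPath $note.FullName -Force }
}

# Encrypted files are counted only, never deleted: a decryptor may appear later.
$locked = @(Get-ChildItem -LiteralPath $ScanRoot -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like '*.BDKR*' }).Count

$found | ForEach-Object { "FOUND: $_" }
"Files with .BDKR in the name under ${ScanRoot}: $locked"
if (-not $found) { 'No BDKR persistence artifacts found.' }
```

Run it once without `-Remove` to review the findings, then again with `-Remove` to delete them.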