Bbii ransomware is a file-encrypting malware, a version of the notorious Djvu/STOP ransomware. The cybercriminals operating this ransomware release new versions on a regular basis, often at least twice a week. Because file decryption is not always possible, Bbii ransomware is considered to be a very serious malware infection. Once files have been encrypted, you will only be able to decrypt them using a special decryptor. However, the only working decryptor is in the hands of cybercriminals who will demand almost $1000 for it.
Bbii ransomware will initiate and start encrypting your files as soon as you open the malicious file. It will target personal files, including photos, videos, images, and documents. The files will have a .bbii extension, allowing you to easily identify which ransomware you’re dealing with and which files have been encrypted. For example, document.txt would become document.txt.bbii if encrypted. The ransomware drops a _readme.txt ransom note in all folders that contain encrypted files. It explains that in order to get the decryptor, paying $980 is necessary. Supposedly, if you make contact with the ransomware operators within the first 72 hours, they will give you a 50% discount, though we highly doubt that to be true. In general, paying the ransom is not recommended because there are no guarantees that you’ll actually be sent the decryptor, considering that you are dealing with cybercriminals.
Recovering files will be a much more complicated process for users who do not have a backup. The only option, at least for now, is to wait for a free Bbii ransomware decryptor to be released. At the time of writing, it’s not yet available but it could be released by malware researchers in the future. The problem with ransomware from this family is that it uses online keys to encrypt files. This means that the keys are unique to each victim, and without those keys, a universal decryptor is not very likely. However, it’s not impossible that the keys will be released eventually. So back up the encrypted files and occasionally search for a free Bbii ransomware decryptor.
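The two indicators described above (the .bbii extension and the _readme.txt note) are enough to scope the damage and list what to back up. The following Python script is an added example, not part of the original article; the function names and the sample folder layout are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".bbii"      # extension appended to encrypted files (from the article)
NOTE_NAME = "_readme.txt"    # ransom note dropped in affected folders (from the article)


def inventory(root):
    """Walk root and report encrypted files, note locations and per-folder counts."""
    encrypted = []                 # (encrypted path, file name before encryption)
    note_dirs = []                 # folders containing the ransom note
    per_dir = defaultdict(int)     # folder -> number of encrypted files
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME:
                note_dirs.append(dirpath)
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                original = name[: -len(ENCRYPTED_EXT)]
                encrypted.append((os.path.join(dirpath, name), original))
                per_dir[dirpath] += 1
    # A note without encrypted files (or the reverse) deserves a manual look.
    mismatched = sorted(set(note_dirs) ^ set(per_dir))
    return {"encrypted": sorted(encrypted), "note_dirs": sorted(note_dirs),
            "per_dir": dict(per_dir), "mismatched": mismatched}


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = {
        "Documents": ["document.txt.bbii", "report.docx.BBII", "_readme.txt"],
        "Pictures": ["photo.jpg.bbii"],          # encrypted file, no note
        "Clean": ["notes.txt"],                  # untouched folder
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = inventory(tmp)
        for path, original in result["encrypted"]:
            print(f"{path}  (was {original})")
        print("ransom notes in:", result["note_dirs"])
        print("check manually:", result["mismatched"])
```

Point `inventory()` at a user profile or a mounted backup volume; it only reads directory listings and never opens or modifies files.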
How is ransomware distributed?
Ransomware, like other malware infections, is distributed using a variety of methods. Users with bad online habits are much more likely to infect their computers because they engage in more risky behavior. Taking the time to develop better online habits is highly recommended because it can save you a lot of trouble.
Here are some of the most common ways ransomware is distributed:
- Email attachments
One of the most common ways users infect their computers with ransomware is by opening malicious email attachments. Threat actors attach malicious files to emails and send them to users whose email addresses they purchased from various hacker forums. When users open the attached files, the malware can initiate on their computers. The emails are fairly easy to recognize, as long as you know what to look for. One of the most noticeable signs is grammar/spelling mistakes. The mistakes seem very out of place because senders usually pretend to be from legitimate companies, contacting users in an official capacity. Legitimate emails sent by companies whose services you use will rarely contain mistakes, especially not obvious ones.
Another thing to take note of is how an email addresses you. If you’re addressed with generic words like User, Member, Customer, etc., when the sender should know your name, you’re likely dealing with a malicious email. Companies insert customers’ names into the email automatically as it makes the emails seem more personal. But since malicious actors usually do not know users’ names, they use generic words.
While the majority of malicious emails will seem quite obvious, you may be targeted by more sophisticated attempts. Thus, we strongly recommend you scan all email attachments with anti-virus software or VirusTotal before opening them.
If you regularly use torrents to pirate copyrighted content, you’re very likely to pick up a malicious infection sooner or later. It’s no secret that torrent sites are often quite badly regulated, and this allows malicious actors to upload torrents with malware in them. It’s especially common to find malware in torrents for content that’s popular (e.g. movies, TV series, video games, software). Pirating copyrighted content using torrents is not only stealing but dangerous for your computer and data.
Software is not perfect and often has certain vulnerabilities that malware can use to infect a computer. When vulnerabilities are identified, they are patched by developers, which is why installing updates regularly is so important. When possible, enable automatic updates.
Bbii ransomware removal
Ransomware is a highly complicated infection that requires many steps to get rid of. Make sure to use anti-malware software to remove Bbii ransomware because otherwise, you might miss an integral part of the ransomware, or cause additional damage accidentally. When the ransomware has been fully removed, you can start file recovery if you have a backup.
If you did not back up your files prior to them becoming encrypted, a free Bbii ransomware decryptor is your only option. Back up your encrypted files and store them safely until a free Bbii ransomware decryptor becomes available. Make sure to choose your sources carefully because there are many fake decryptors promoted on questionable forums. NoMoreRansom is a good source for decryptors.
Bbii ransomware is detected as:
- Win32:PWSX-gen [Trj] by Avast/AVG
- Trojan.GenericKD.49026290 by Bitdefender
- Trojan.GenericKD.49026290 (B) by Emsisoft
- Spyware.FFDroider by Malwarebytes
- Trojan:Win32/Floxif.AV!MTB by Microsoft
- TrojanSpy.Win32.REDLINE.YXCEMZ by TrendMicro
- Artemis!93E23E5BED55 by McAfee
- Trojan-Banker.Win32.Passteal.ph by Kaspersky