Cyber Security Center

How to remove Bbzz ransomware


Bbzz ransomware is one of the most recent Djvu/STOP ransomware versions. The malicious actors behind this malware family release new versions on a regular basis, and we have already written about Bnrs, Eegf, Rrcc, and Rryy.  If you cannot open your files and they all have .bbzz added to them, your files have been encrypted by ransomware. This ransomware is considered to be very dangerous because file recovery is not always possible. The malware operators will offer you a decryptor for $980 but paying the ransom is not a good idea.

 

Bbzz ransomware note

 

When you open the malicious file and initiate the ransomware, Bbzz ransomware will immediately start encrypting your files. It will target your photos, videos, images, documents, etc. Essentially all of your personal files because they are worth the most. You will be able to easily tell which files have been encrypted by the .bbzz extension added to them. For example, text.txt would become text.txt.bbzz when encrypted. Unless you use a special decryptor on these files, you will not be able to open them. The _readme.txt ransom note explains how you can get the decryptor. Unfortunately, it involves paying $980 in ransom. The note also mentions a 50% discount to users who make contact within the first 72 hours, though whether these claims are true is dubious. Paying the ransom and/or engaging with the cybercriminals is not recommended because there are no guarantees you’ll actually get the decryptor even after paying. Keep in mind that these are cybercriminals you’re dealing with, and there’s nothing stopping them from simply taking your money and not sending anything in return.

You need to use anti-malware software to remove Bbzz ransomware from your computer. It’s a fairly complicated infection that requires a professional tool to get rid of. As soon as the ransomware has been removed, you can connect to your backup and start recovering files.

For users who did not back up encrypted files prior to infection, recovering files will be a much more difficult process, if not an impossible one. There is the option of waiting for a free Bbzz ransomware decryptor to be released but when it will become available is not clear. Ransomware versions from this family use online keys to encrypt files, which means the keys are unique to each user. Unless those keys are released, a Bbzz ransomware decryptor is not very likely. However, you should still back up the encrypted files in case it does eventually get released. NoMoreRansom is a good source for free decryptors.

How is ransomware distributed?

We strongly recommend you take the time to familiarize yourself with how malware is distributed because it will help you recognize a malicious campaign in time. You should also develop better browsing habits.

Malware is often distributed via:

Email attachments

If your email address has been leaked by some service, you may sometimes receive emails that contain malicious attachments. As soon as you open the attachment, the malware can initiate. This is why checking attachments before opening them is essential. You can do that using anti-virus software or VirusTotal. In general, emails carrying malware are often quite obvious. One of the most obvious signs is grammar/spelling mistakes. Senders usually pretend to be from legitimate companies whose services users use so the mistakes are quite obvious and out of place. Another sign is an email addressing you as User, Member, Customer, etc. when your name should be used. Legitimate emails whose attachments you’d need to open will always address you by name.

Torrents

It’s common knowledge that torrent sites are poorly regulated, which makes them perfect for uploading malware. Malicious actors often upload torrents for movies, TV series, video games, and software with malware in them, which is why pirating copyrighted content is so dangerous. And not only is it dangerous for your computer/data, but it’s also essentially stealing content.

Vulnerabilities

Updates are essential in order to keep your computer/data secure. Malware infections often exploit vulnerabilities to infect computers, and updates patch known vulnerabilities. They are discovered all the time, so keeping track of updates and installing them is very important. Enable automatic updates whenever possible.

Bbzz ransomware removal

Ransomware is quite a complex malware infection so it’s not a good idea to try to remove Bbzz ransomware manually. Incorrectly performing certain actions would result in damage to your computer. Furthermore, you may accidentally miss some parts of the ransomware, which could allow it to recover later on. And if you were to connect to your backup while ransomware was still present on your computer, your backed-up files would become encrypted as well. Thus, you need to use a reliable anti-virus program to remove Bbzz ransomware from your computer. Once the ransomware is gone, you can connect to your backup and start recovering your files.

Bbzz ransomware is detected as:

  • UDS:Trojan.Win32.Scarsi.gen by Kaspersky
  • GenericRXTG-KZ!2EB8F4E0B38E by McAfee
  • Trojan:Win32/SpyStealer.XE!MTB by Microsoft
  • Trojan.MalPack.GS by Malwarebytes
  • CrypterX-gen [Trj] by Avast/AVG

Bbzz ransomware detections