Bbyy ransomware is file-encrypting malware that belongs to the Djvu/STOP ransomware family. The malicious actors operating this ransomware release new versions regularly, with hundreds of versions released already. The versions are more or less identical to one another but can be identified by the extensions they add to encrypted files. This ransomware adds .bbyy. You will not be able to open files with this extension unless you first use a decryptor on them.
Bbyy ransomware, like most ransomware, targets personal files. All of your photos, videos, images, documents, etc., will be encrypted and have .bbyy added to them. For example, image.jpg would become image.jpg.bbyy if encrypted. You will not be able to open these encrypted files unless you first put them through a decryptor. The process of acquiring the decryptor is explained in the _readme.txt ransom note that’s dropped in all folders that have encrypted files. According to the note, the price for the decryptor is $980, but there is a 50% discount for users who contact the cyber criminals within the first 72 hours. Paying the ransom is generally not recommended, however, because it does not guarantee that you’ll get a decryptor. These are cyber criminals you’re dealing with, and there is nothing to guarantee that they’ll send you a decryptor.
If you have a backup, you can start recovering files as soon as you remove Bbyy ransomware from your computer. Make sure to use anti-malware software to delete Bbyy ransomware because it’s a fairly complex infection. If you do not have copies in a backup, your only option is to wait for a free decryptor to be released. Back up the encrypted files and store them safely until a decryptor is released. However, developing a decryptor for ransomware in the Djvu/STOP family is difficult because the versions use online keys to encrypt files. This means that the keys are unique to each user and unless those keys are released, a decryptor is not very likely. Nonetheless, it’s not impossible that a free Bbyy ransomware decryptor will be released in the future.
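An added example (not part of the original article): a read-only Python inventory of what was encrypted, using the .bbyy extension and _readme.txt note name described above, so you know what to restore from backup or set aside for a future decryptor. The folder layout and file names in `build_sample_tree` are constructed sample data.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".bbyy"      # extension named in the article
RANSOM_NOTE = "_readme.txt"  # ransom note file name named in the article


def inventory(root):
    """Walk root without modifying anything and summarise the damage."""
    report = {"encrypted": [], "note_dirs": [], "bytes": 0,
              "by_type": Counter(), "unreadable": []}

    def on_error(err):  # e.g. folders we lack permission to list
        report["unreadable"].append(err.filename)

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            path = Path(dirpath) / name
            if name.lower() == RANSOM_NOTE:
                report["note_dirs"].append(dirpath)
            elif name.lower().endswith(ENCRYPTED_EXT):
                original = name[:-len(ENCRYPTED_EXT)]  # image.jpg.bbyy -> image.jpg
                report["encrypted"].append(str(path))
                report["by_type"][Path(original).suffix.lower() or "(none)"] += 1
                try:
                    report["bytes"] += path.stat().st_size
                except OSError:
                    report["unreadable"].append(str(path))
    return report


def build_sample_tree(root):
    """Constructed sample data: a small profile folder after encryption."""
    for folder, files in {"Documents": {"report.docx.bbyy": 10},
                          "Pictures": {"image.jpg.bbyy": 20, "IMAGE2.JPG.BBYY": 5,
                                       "untouched.png": 7}}.items():
        target = Path(root) / folder
        target.mkdir()
        (target / RANSOM_NOTE).write_text("constructed placeholder note")
        for name, size in files.items():
            (target / name).write_bytes(b"x" * size)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        r = inventory(tmp)
        print(len(r["encrypted"]), "encrypted files,", r["bytes"], "bytes to back up")
        print("by original type:", dict(r["by_type"]))
        print("folders containing the ransom note:", len(r["note_dirs"]))
```

Point `inventory()` at a real folder only after the ransomware has been removed; the byte total tells you how much space the encrypted copies need on backup media.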
Ransomware distribution methods
Malicious actors use a variety of different methods to distribute their malware. When users have bad online habits, they’re much more likely to infect their computers with malware because they tend to do risky things when browsing. We recommend you take the time to develop better online habits.
Here are some of the most common ways ransomware is distributed:
- Email attachments
Email attachments are one of the most common ways malware is distributed. When users open the malicious attachments, they end up infecting their computers with malware. Fortunately, malicious emails are fairly obvious in most cases, especially if you know what to look for. One of the most obvious signs is grammar/spelling mistakes in emails that are supposed to be official correspondence from legitimate companies. You will rarely see any kinds of mistakes in legitimate emails because they look unprofessional. But for whatever reason, emails carrying malware often have mistakes in them.
You should also always pay attention to how an email addresses you. In most cases, malicious emails use generic words like User, Member, Customer, etc., to address users. Malicious actors often do not have access to users’ personal information, so they’re forced to use generic words. Legitimate emails whose attachments you should open will always address you by name.
It’s worth mentioning that some malicious email campaigns can be more sophisticated. We strongly recommend that you scan all unsolicited email attachments with anti-virus software or VirusTotal before opening them, just as a precaution.
Torrent sites are often quite badly regulated, which is why they’re the perfect platform for uploading malware. Malicious actors often upload torrents with malware in them, and when users download them, they accidentally launch the malware on their computers. It’s especially common to find malware in torrents for movies, TV series, video games, and software. Pirating copyrighted content using torrents is not only stealing but also dangerous for your computer/data.
Malware infections often exploit vulnerabilities to get into computers, which is why it’s very important that you install updates regularly. Whenever a vulnerability is discovered, developers release a patch to fix it. Not installing those updates leaves a computer vulnerable to malware. If possible, enable automatic updates.
Bbyy ransomware removal
Ransomware is a very complex malware infection and requires professional software to get rid of. We don’t recommend trying to remove Bbyy ransomware manually because you could end up causing additional damage to your computer. Furthermore, you may miss some ransomware components, which could allow it to recover later on. And if it recovered while you were connected to your backup, your backed-up files would become encrypted as well.
If you do not have a backup, your only option is to wait for a free decryptor to become available. You will not find one at the moment but it could be released in the future. NoMoreRansom is a good source for free decryptors but keep in mind that there are many fake ones promoted on questionable forums.
Bbyy ransomware is detected as:
- Win32:CrypterX-gen [Trj] by Avast/AVG
- HEUR:Trojan.Win32.Injuke.gen by Kaspersky
- Trojan.MalPack.GS by Malwarebytes
- Packed-GDD!9EBDD0750D87 by McAfee
- Trojan:Win32/SpyStealer.XE!MTB by Microsoft
- TrojanSpy.Win32.VIDAR.YXCFKZ by TrendMicro
- A Variant Of Win32/Kryptik.HPUY by ESET
- Trojan.GenericKD.39780351 (B) by Emsisoft
- Trojan.GenericKD.39780351 by BitDefender