Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Brcodesinfo@gmail(.)com Ransomware Removal Manual

Yet another ransomware is infecting thousands of computers and encrypting users’ files. Researchers have dubbed it brcodesinfo@gmail(.)com because this email is used in the names of the encrypted files. The files get locked via the 256-bit AES algorithm and require a password to be usable again.

STF-brcodesinfo@gmail.com-brhelpinfo-brinfo15-ransomware-winrar-aes-encryption-password

Name Brcodesinfo@gmail(.)com
Type Ransomware, Trojan
Short Description This ransomware encrypts files and asks for a ransom to unlock those files.
Symptoms The ransomware encrypts files and adds an .exe extension to them. It uses a Gmail account (in the file extension) for the ransom money to be received.
Distribution Method Spam Emails, Email Attachments, Suspicious Sites
Detection tool Download Malware Removal Tool, to See If Your System Has Been Affected by Brcodesinfo@gmail(.)com
User Experience Join our forum to discuss the Brcodesinfo@gmail(.)com ransomware.

Brcodesinfo@gmail(.)com – Distribution Methods

The most common distribution method is known to be via malicious email attachments and spam emails. You may receive an email with a malware file attached. If you open the attachment, the malware is then spread. The email body can contain malicious code and only by opening the email, you infect your computer with it, even if you don’t open the attachment inside.

Around social networks and file sharing services, there may be similar attachments and files containing the Brcodesinfo@gmail(.)com ransomware. That is why interacting with suspicious content is never advisable, especially if the system is not protected.

Brcodesinfo@gmail(.)com – Technical Information

Once the Brcodesinfo@gmail(.)com ransomware gets into your computer and is executed, it begins to lock files. It seems to be using WinRar, which in turn uses a 256-bit AES encryption. This encryption is considered uncrackable even if hundreds of years pass trying to crack it with modern super-computers.

Encrypted files have an extension such as (!! to get password email id [9 random digits] to brcodesinfo@gmail(.)com !!).exe. There are also other e-mails that can be left in the name, like: brhelpinfo@gmail(.)com or brinfo15@gmail(.)com.

The ransomware is known to search and encrypt files with the most commonly used extensions:

→.jpg, .jpeg,.png, .mp3 , .mp4, .mpg, .divx, .djvu, .java, .json, .pps, .ppt, .pptx, .wav, .wmv, .dat, .pdf, .xls, .xlsx, .doc, .docx,

This is not a complete list, as other files could be encrypted as well.

After that process is complete, files will be locked and will have names like:

  • gta evolution br v1.exe
  • msoe.txt(!! to get password email id 332606859 to brcodesinfo@gmail.com !!).exe
  • microsoft.office.infopath.targets(!! to get password email id 332606859 to brcodesinfo@gmail.com !!)
  • webservicesnfe.xml(!! to get password email id 332606859 to brcodesinfo@gmail.com !!).exe
  • unins002.dat(!! to get password email id 332606859 to brcodesinfo@gmail.com !!).exe
  • unins001.dat(!! to get password email id 332606859 to brcodesinfo@gmail.com !!).exe
  • unins000.dat(!! to get password email id 332606859 to brcodesinfo@gmail.com !!).exe
  • source_facilitus_servico.hns(!! to get password email id 332606859 to brcodesinfo@gmail.com !!).exe
  • source_facilitus_documento.hns(!! to get password email id 332606859 to brcodesinfo@gmail.com !!).exe
  • scriptdirectus799.txt(!! to get password email id 332606859 to brcodesinfo@gmail.com !!).exe
  • scriptdirectus699.txt(!! to get password email id 332606859 to brcodesinfo@gmail.com !!).exe
  • scriptdirectus599.txt(!! to get password email id 332606859 to brcodesinfo@gmail.com !!).exe
  • scriptdirectus499.txt(!! to get password email id 332606859 to brcodesinfo@gmail.com !!).exe
  • scriptdirectus.txt(!! to get password email id 332606859 to brcodesinfo@gmail.com !!).exe
  • conectusnfce.exe.config(!! to get password email id 332606859 to brcodesinfo@gmail.com !!).exe

Important!

The ransom request will be sent over email if you choose to contact the cybercriminals. AES is one of the toughest military-grade encryption algorithms known in the world. Every tool that is used in decrypting WinRAR passwords uses a brute-force or an alphabetical order method to do so. The password used by cyber criminals is probably long enough for decryption to be made impossible.

Currently, there is no information if Shadow Volume Copies are erased from the infected system. So, after removal, you should see the 5th part of the instructions written down below for few ways in which you can try and restore your files.

Remove Brcodesinfo@gmail(.)com Completely

If you have been infected by the Brcodesinfo@gmail(.)com ransomware, you should have at least some experience in removing viruses. This ransomware can irreparably lock your files, so it is highly recommended that you act swiftly and follow the instructions provided below:

1. Boot Your PC In Safe Mode to isolate and remove Brcodesinfo@gmail(.)com
2. Remove Brcodesinfo@gmail(.)com with SpyHunter Anti-Malware Tool
3. Remove Brcodesinfo@gmail(.)com with Malwarebytes Anti-Malware.
4. Remove Brcodesinfo@gmail(.)com with STOPZilla AntiMalware
5. Back up your data to secure it against infections and file encryptions by Brcodesinfo@gmail(.)com in the future
NOTE! Substantial notification about the Brcodesinfo@gmail(.)com threat: Manual removal of Brcodesinfo@gmail(.)com requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming for a more secure cyber space.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.