BadEncript .bript file virus is yet another ransomware in development which hints at successful infection and encryption activities. BadEncript appends the .bript extension to the victim’s files. The ransom note is called More.html. For now, BadEncript targets English-speaking countries. The ransom amount demanded by this ransomware is still not known.
Threat Summary
| Name | BadEncript |
| Type | Ransomware |
| Short Description | BadEncript is still in development but it appears to be a successfully written ransomware. |
| Symptoms | A ransom note is dropped on the victim’s computer. A .bript extension is appended to their files. |
| Distribution Method | Spam emails. |
| Detection Tool | See If Your System Has Been Affected by BadEncript Download Malware Removal Tool |
| User Experience | Join our forum to Discuss BadEncript. |
| Data Recovery Tool | Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive. |
Here is how the ransom note dropped by BadEncript looks like:
The ransom note reads the following:
Your files were encrypted by the BadEncript ransomware!
To unlock your files you need to pay to the bitcoin address
1M2Wwtiuo9yC2fXygKoytTVye5Y7a58pvx.
After the payment was done, press “Check Wallet”.
It will check if you have payed or not.
If you did pay, your password will be automatically entered into the input box.
After that, just press “Decrypt” and all your files will be decrypted.
BadEncript Technical Resume
Distribution
Researchers have observed ransomware such as BadEncript being spread in spam emails containing malicious attachments, exploit kits, fake updates, and infected freeware installers. Users should be extra cautious and should never open random emails crafted to look like important messages sent out by legal organizations. This is how cybercriminals are trying to trick you into downloading their malicious payloads.
Details
As we already said, the amount of the ransomware is still not reported. The decryption key is not stored anywhere, and the program window can’t be closed. BadEncript most likely targets MS Office documents, PDF files, photos, music and video files, etc.
Twitter user @nikitpad reports finding a new sample of BadEncript that drops and .exe (BadEncriptFinal.exe) and overwrites the MBR:
More information about this sample is available on VirusTotal. Currently, 3 out of the 55 engines on VirusTotal detect the threat.
As for the initial sample detected by BleepingComputer, it drops the BadEncript.exe and is currently detected by 8 out of 55 security engines.
Kaspersky detects BadEncript as Trojan.Win32.Pabin.avt, and Trendmicro – as Ransom_BADCRIPT.A.
BadEncript .bript File Virus – Remove and Restore Instructions
BadEncript file virus, otherwise known as the BadEncript ransomware, can be removed manually – the first half of BadEncript removal manual below will guide you through the process but keep in mind that at least some experience in malware removal is needed. If you doubt that you can remove the threat yourself, please refer to the instructions for BadEncript automatic removal.
