BadEncript .bript File Virus Remove and Restore Manual

BadEncript .bript File Virus Remove and Restore Manual

BadEncript .bript file virus is yet another ransomware in development which hints at successful infection and encryption activities. BadEncript appends the .bript extension to the victim’s files. The ransom note is called More.html. For now, BadEncript targets English-speaking countries. The ransom amount demanded by this ransomware is still not known.

Threat Summary



Short DescriptionBadEncript is still in development but it appears to be a successfully written ransomware.
SymptomsA ransom note is dropped on the victim’s computer. A .bript extension is appended to their files.
Distribution Method Spam emails.
Detection Tool See If Your System Has Been Affected by BadEncript


Malware Removal Tool

User ExperienceJoin our forum to Discuss BadEncript.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Here is how the ransom note dropped by BadEncript looks like:

The ransom note reads the following:

Your files were encrypted by the BadEncript ransomware!
To unlock your files you need to pay to the bitcoin address
After the payment was done, press “Check Wallet”.
It will check if you have payed or not.
If you did pay, your password will be automatically entered into the input box.
After that, just press “Decrypt” and all your files will be decrypted.

BadEncript Technical Resume


Researchers have observed ransomware such as BadEncript being spread in spam emails containing malicious attachments, exploit kits, fake updates, and infected freeware installers. Users should be extra cautious and should never open random emails crafted to look like important messages sent out by legal organizations. This is how cybercriminals are trying to trick you into downloading their malicious payloads.


As we already said, the amount of the ransomware is still not reported. The decryption key is not stored anywhere, and the program window can’t be closed. BadEncript most likely targets MS Office documents, PDF files, photos, music and video files, etc.

Twitter user @nikitpad reports finding a new sample of BadEncript that drops and .exe (BadEncriptFinal.exe) and overwrites the MBR:

More information about this sample is available on VirusTotal. Currently, 3 out of the 55 engines on VirusTotal detect the threat.

As for the initial sample detected by BleepingComputer, it drops the BadEncript.exe and is currently detected by 8 out of 55 security engines.

Kaspersky detects BadEncript as Trojan.Win32.Pabin.avt, and Trendmicro – as Ransom_BADCRIPT.A.

BadEncript .bript File Virus – Remove and Restore Instructions

BadEncript file virus, otherwise known as the BadEncript ransomware, can be removed manually – the first half of BadEncript removal manual below will guide you through the process but keep in mind that at least some experience in malware removal is needed. If you doubt that you can remove the threat yourself, please refer to the instructions for BadEncript automatic removal.


Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share