This article will aid you to remove Beni Oku.txt virus effectively. Follow the ransomware removal instructions at the end of the article.
Beni Oku.txt is the name of a ransom note used by a new Turkish ransomware cryptovirus, which is believed to be targeting mainly Turkish users. That does not exclude the possibility of other people becoming victims of the virus and getting their files encrypted. The ransom note looks like the one of CTB-Locker. The Beni Oku.txt virus will encrypt files and add the .encrypted extension to them. Read the article to find out ways in which you could potentially restore some of your files.
|Name||Beni Oku.txt Virus|
|Short Description||The ransomware will encrypt all of your important files and show a ransom note in Turkish, giving out details about the ransom payment.|
|Symptoms||The ransomware will encrypt files with the .encrypted extension appended to every file.|
|Distribution Method||Exploit Kits, Spam Emails, File Sharing Networks|
|Detection Tool|| See If Your System Has Been Affected by Beni Oku.txt Virus |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss Beni Oku.txt Virus.|
Beni Oku.txt Virus – Delivery Methods
Beni Oku.txt ransomware might be using targeted attacks to mainly infect users, who speak Turkish, but other delivery methods are not an exclusion. The payload file which initiates the malicious script for this ransomware is being spread around the Internet, and one of the samples was found by the malware researcher Jakub Kroustek, who uploaded it for analysis on the VirusTotal portal. You can preview the detections from the service right down here:
Beni Oku.txt ransomware might also deliver its payload file via social media networks and file-sharing services. Freeware which is found on the Web can be presented as helpful also be hiding the malicious script for the cryptovirus. Refrain from opening files right after you have downloaded them. You should first scan them with a security tool, while also checking their size and signatures for anything that seems out of the ordinary. You should read the ransomware prevention tips found on the forum section.
Beni Oku.txt Virus – A Closer Look
Beni Oku.txt is actually the name of the ransom note file with instructions that this Turkish ransomware creates. Easily it can be said that it targets mainly Turkish users, because of the usage of that language, alas that does not exclude users who speak other languages. You can preview the contents of that “Beni Oku.txt” file from the picture right here:
The above note states:
1 – Dosyalarınızdaki şifrelemeyi kaldırmak için 13HP68KeuvoqYJhvlf7XQMEox8DPR8odx5 bitcoin adresine 150 USD değerinde bitcoin göndermeniz gerekmektedir.
2 – 150 USD değerinde ‘bitcoin gönderimi yapıldıktan sonra firstname.lastname@example.org adresine Belgelerim klasörünüzün içerisinde bulunan privateKey.XML dosyasını göndermeniz, gerekmekte dosyayı gönderdikten sonra dosyalarınıza uygun şifre çözme anahtarı size gönderilecek ve dosyalarınızdaki şifreleri açacaksınız.
3 – Bitcoin alımlarını https://localbitcoins.com/ üzerinden yada bu tarz emsal sitelerden yapabilirsiniz.
4 – Dosyalarınızdaki şifreleri çözmeye uğraşmanız sadece dosyalarınıza zarar vereceğiniz ve veri kaybına yol açmasına sebep olacaktır.
5 – 24 saat içerisinde şifreleri çözülmeyen dosyalar otomatik olarak harddiskinizden geri gelmeyecek şekilde silinecektir.
6 – Detaylı bilgi için email@example.com adresine mail gönderebilirsiniz.
A rough translation of that in English is the following:
1 – To remove the encryption on your files, you need to send bitcoin to the address of 13HP68KeuvoqYJhvlf7XQMEox8DPR8odx5 bitcoin with a value of 150 USD.
2-150 worth USD ‘after Bitcoin transmission to send the privatekey.xml file located in your My Documents folder to address firstname.lastname@example.org, after you send the file to need the appropriate password to your file decryption key will be sent to you and you will open your passwords in your file.
3 – Bitcoin purchases can be done through https://localbitcoins.com/ from these comparable sites.
4 – Trying to resolve the passwords in your files will only cause damage to your files and cause data loss.
Within 5 – 24 hours, unencrypted files will be deleted automatically so that they will not come back from your hard disk.
6 – For more information, you can send an e-mail to email@example.com.
The Beni Oku.txt ransomware could make entries in the Windows Registry to achieve persistence, and probably launch or repress processes in a Windows environment. Such entries are typically designed in a way to launch the virus automatically with each start of the Windows operating system like the example given below:
Another ransom note message is generated, which is inside an image, that looks very similar to those of the CTB-Locker and CTB-Faker ransomware viruses. That message is again written in the Turkish language. You will see that message from the image shown down here:
The original text of the message reads:
Yerel diskleriniz, ağ konumlarınız, harici depolama birimleriniz 256 bit şifreleme
tekniği ile şifrelenmiştir, bu yöntem ile şifrelenen dosyalar geçerli key “Anahtar”
olmadan açılamazlar Key anahtarına sahip olmak için şifre çözme yazılımını satın
almanız gerekmektedir, yazılım satın alındığında tüm dosyalarınızdaki şifreler
çözülecek ve eski haline gelecektir. Yazılımı 24 saat içerisinde satın almadığınız
taktirde tüm dosyalarınız yerel depolama birimlerinden geri gelmeyecek şekilde
silinecektir. Ayrıntılı bilgi için Belgelerim klasörünüzdeki “Beni Oku.txt”
İletişim Adresi: firstname.lastname@example.org
BTC Adresi : 13HP68KeUVogYJhvlf7XQMEoX8DPR8odx5
Yukarıdaki BTC adresine 150 $ ödeme yapmanız gerekmektedir. Bitcoin
alımlarını www.localbitcoins.com üzerinden yapabilirsiniz
Bilgilendirme : Bilgisayarınızı geri yükleme yapmak hiçbir fayda etmeyecektir
Dosyaları antivirüs ile taratmanız dosyaların bozulmasına yol açacak ve geri
getirilmeyecek şekilde bozulmasına sebep olacaktır
A very rough English translation of that note will be the following:
YOUR FILES ARE ENCRYPTED
Your local disks, network locations, external storage 256-bit encryption
Encrypted with this method, the files encrypted with this method will be valid key “Key”
Purchase decryption software to have Key Key
You need to buy it, the passwords for all of your files when the software is purchased
It will be solved and it will become old. You did not purchase the software within 24 hours
If all your files will not come back from local storage
Will be deleted. For more information, see the “Read me.txt”
You can look at the file
Contact Address: email@example.com
BTC Address: 13HP68KeUVogYJhvlf7XQMEoX8DPR8odx5
You must pay $ 150 to the above BTC address. Bitcoin
You can make purchases through www.localbitcoins.com
Information: Restoring your computer will not help
Files with antivirus will lead to the corruption of your files and back
Will cause it to malfunction
From the ransom note, we can see that Beni Oku.txt actually translates to Read me.txt. The asked ransom price is 150 US dollars, demanded to be paid out in Bitcoins to a certain address. The deadline which is given is 24 hours, before the password becomes obsolete, according to the note. The price amounts to exactly 0.123 Bitcoin at the time of writing of this article.
The e-mail address given as a contact with the crooks is firstname.lastname@example.org. However, you should NOT under any circumstance contact these cybercriminals or think of paying them. Your files may not get restored, and nobody could guarantee you that. Moreover, giving money to these criminals will likely motivate them to create more ransomware or do other criminal acts.
Beni Oku.txt Virus – Encryption Process
A partial list with file extensions that the Beni Oku.txt Virus ransomware seeks to encrypt is available, and you can see some of the file extensions will end up getting encrypted right here:
→.bmp, .docx, .ini, .jpg
Other files will get encrypted as well and receive the .encrypted extension. The extension will be appended after the original extension of the files, without overwriting it. The Beni Oku.txt ransomware will lock them using a 256-bit algorithm, at least according to the ransom note.
The following three files are connected with the encryption, and also contain information about the encryption keys:
To add to that, there is also a tool called “FileEncryptor” that is associated with the lock process that looks like the following:
The Beni Oku.txt cryptovirus is quite likely to erase all the Shadow Volume Copies from the Windows operating system by using the following command:
→vssadmin.exe delete shadows /all /Quiet
Continue to read and find out what types of ways you could try to potentially restore some of your data.
Remove Beni Oku.txt Virus and Restore .encrypted Files
If your computer machine got infected with the Beni Oku.txt ransomware, you should have some experience in malware removal. You should get rid of this ransomware as quickly as possible before it encrypts other files and spreads deeper in your used network. The recommended action for you to remove the ransomware effectively by following the step-by-step instructions guide outlaid down below.