.Blind Files Virus Removal – Restore Your Files

.Blind Files Virus Removal – Restore Your Files

This article will aid you to remove .Blind Files Virus effectively. Follow the ransomware removal instructions provided at the bottom.

.Blind is the extension that will be placed to your files after they are encrypted by the Blind ransomware virus. Malware researchers argue if the virus is a new variant of the BTCWare ransomware. After the payload of the ransomware is executed, your files will get encrypted and the virus will leave a ransom note with instructions for payment. Keep on reading below to see how you could try to potentially recover some of your files.

Threat Summary

Name.Blind Files Virus
TypeRansomware, Cryptovirus
Short DescriptionThe ransomware virus encrypts files on your PC and a ransom note will be left demanding that you pay an unspecified amount of money in Bitcoins, after contacting the extortionists.
SymptomsThis ransomware will encrypt your files and then append the extension .Blind on every encrypted file.
Distribution MethodSpam Emails, Email Attachments, Executable Files
Detection Tool See If Your System Has Been Affected by .Blind Files Virus

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .Blind Files Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.Blind Files Virus – Propagation

The .Blind files virus could spread its infection via various methods. One of these methods is seen as the main one for spreading it, which is with a payload file that executes the malicious script for the ransomware, which in turn infects your computer system. Such a payload file can be seen distributed around the Internet via different outlets.

The .Blind files virus could spread its payload file on social media sites and file-sharing networks. Freeware applications which are found on the Web could be presented as useful but at the same time could hide the malicious script for the cryptovirus. Avoid opening files straight away after you have downloaded them. That stands especially for ones that came from sources like suspicious e-mails or links. What you should rather do is to scan files before opening them with a security tool, while also checking their size and signatures for anything dubious. Also, you should read the ransomware prevention tips given in the forum section.

.Blind Files Virus – Insight

The .Blind files virus takes its name from the .Blind extension that it appends to all files that it encrypts. Malware researchers are arguing if the cryptovirus is a variant of the the .BTCWare File Virus or not.

The .Blind files virus could make entries in the Windows Registry to achieve persistence, launch and repress processes in Windows. Some entries are designed in a way that will start the virus automatically with each boot of the Windows Operating System, and one such entry is outlined down here:

→HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

The .Blind file virus will put a ransom message inside your computer machine after the encryption process is completed. The note is written in the English language, but that doesn’t mean that only English-speaking users are targeted by the malware developers. Inside the note, you will see payment instructions for allegedly recovering your files. The ransom note is inside a file called “How_Decrypt_Files.hta”.

That file will open up the following ransom message:

That ransom note reads the following:

All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail [email protected]
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee

Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)

How to obtain Bitcoins

The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
https://localbitcoins(.)com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
http://www.coindesk(.)com/information/how-can-i-buy-bitcoins/

Your personal identification number:
[REDACTED]

The developers of the Blind ransomware are using an e-mail address as a way to contact them. Instructions which are presented in the ransom note of the .Blind files virus should not be followed. You should NOT under any circumstances write to the cybercriminals. Nobody could give you a guarantee that your files will get restored if you pay the ransom. However, you could try to get 3 of your files decrypted, in case you need to use them with a potential decryption tool released in the near future.

.Blind Files Virus – Encryption

If the .Blind files virus ransomware proves to be a variant of BTCWare or indeed uses its code, there is a high probability for it to target and encrypt files with these extensions:

→.1c, .3fr, .accdb, .ai, .arw, .bac, .bay, .bmp, .cdr, .cer, .cfg, .config, .cr2, .crt, .crw, .css, .csv, .db, .dbf, .dcr, .der, .dng, .doc, .docm, .docx, .dwg, .dxf, .dxg, .eps, .erf, .gif, .htm, .html, .indd, .iso, .jpe, .jpeg, .jpg, .kdc, .lnk, .mdb, .mdf, .mef, .mk, .mp3, .mp4, .mrw, .nef, .nrw, .odb, .ode, .odm, .odp, .ods, .odt, .orf, .p12, .p7b, .p7c, .pdd, .pdf, .pef, .pem, .pfx, .php, .png, .ppt, .pptm, .pptx, .psd, .pst, .ptx, .r3d, .rar, .raw, .rtf, .rw2, .rwl, .sql, .sr2, .srf, .srw, .tif, .wb2, .wma, .wpd, .wps, .x3f, .xlk, .xls, .xlsb, .xlsm, .xlsx, .zip

All files that get encrypted will receive the .[[email protected]].blind extension appended to them. Malware researchers believe that the algorithm being used for the encryption process could RSA.

The .Blind files virus could delete the Shadow Volume Copies of the Windows Operating System. That will make the encryption process more viable since it will eliminate one way for a possible file recovery. Continue to read and see what ways you can try out to potentially recover some of your file data.

Remove .Blind Files Virus and Restore Data

In case your computer got infected with the .Blind files virus, you should have some experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect more computer systems. You should remove this ransomware and follow the step-by-step instructions guide provided below.

Manually delete .Blind Files Virus from your computer

Note! Substantial notification about the .Blind Files Virus threat: Manual removal of .Blind Files Virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove .Blind Files Virus files and objects
2. Find malicious files created by .Blind Files Virus on your PC

Automatically remove .Blind Files Virus by downloading an advanced anti-malware program

1. Remove .Blind Files Virus with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by .Blind Files Virus
Optional: Using Alternative Anti-Malware Tools

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming for a more secure cyber space.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...