Remove Brusaf Virus (.brusaf File) - Restore Data Ransomware
THREAT REMOVAL

Remove Brusaf Virus (.brusaf File) + Restore Data Ransomware

1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 4.33 out of 5)
Loading...

What are Brusaf Virus files? What is STOP Ransomware? How to remove Brusaf Virus from your computer? How to try and restore files encrypted by Brusaf Virus?

Brusaf Virus is a variant of STOP ransomware and is a cryptovirus, meaning it’s main goal is to infect your computer and attack your important files. The Brusaf Virus may then encrypt those files, replacing data in them that locks the files. In return, the Brusaf Virus wants you to pay ransom in order to give you the unlock decryption key for the Brusaf Virus files. Read this article to learn how to eliminate the Brusaf Virus from your computer.

Threat Summary

NameBrusaf Virus
TypeRansomware, Cryptovirus
Short DescriptionThe Brusaf Virus’s main purpose is to render your files unusable, until you pay a hefty ransom to the cyber-criminals who are behind this virus.
SymptomsFiles are encrypted and have the file extension of Brusaf Virus. A ransom note, called _readme.txt is dropped on victim PCs.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by Brusaf Virus

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Brusaf Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Brusaf Virus – Update August 2019

The good news for all victims of STOP Brusaf ransomware is that the security researcher Michael Gillespie found weaknesses in the code of this variant and released an updated version of his STOP ransomware decrypter.

So the moment you remove all malicious files and objects from your infected system you can enter our data recovery guide where you will find a download link for the free Brusaf decryption tool and learn how to proceed with the decryption process.

Decrypt Files Encrypted by STOP Ransomware

Have in mind that the tool is designed to support specific offline IDs, so it may not be effective for all occasions of Brusaf virus ransomware infections.

Brusaf Virus – How Did I Get It and What Does It Do?

The primary way via which your computer could have been infected by the Brusaf Virus is likely e-mail spam that is sent to you, containing malicious attachments, that pretend to be invoices, receipts or other forms of seemingly legitimate documents. These attachments are often outlined as something very urgent and something that you must download and open immediately. One example of such malicious e-mail spam message can be seen underneath:

When you download and open the attachment of this e-mail, infection with the Brusaf Virus starts. This infection results in dropping the virus files of the Brusaf Virus on your computer under random names and in the commonly targeted Windows directories:

When the Brusaf Virus is dropped on your computer, it may perform series of virus activities, like adding registry values in the following Windows registry sub-keys:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

Then, the Brusaf Virus begins to scan your computer and encrypt your files. The Brusaf Virus looks for often used documents, images and other files tha are from the following file types:

“PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”

Then, the Brusaf Virus encrypts the files, adding the Brusaf Virus file extension to them. Being a variant of STOP Ransomware, it also adds the _readme.txt ransom note that aims to explain to you how to pay your ransom to get the files to work.

The ransom note of Brusaf Virus:

ATTENTION!
Don’t worry my friend, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool: https://we.tl/t-1aaC7npeV9 Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that’s price for you is $490. Please note that you’ll never restore your data without payment. Check your e-mail “Spam” folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail: blower@india.com
Reserve e-mail address to contact us: blower@firemail.cc Your personal ID:

After your files have been ravaded by the Brusaf Virus, it then may delete the backed up Windows Shadow Copy files by executing the following Commands as an administrator without you even noticing:

→ sc stop VVS
sc stop wscsvc
sc stop WinDefend
sc stop wuauserv
sc stop BITS
sc stop ERSvc
sc stop WerSvc
cmd.exe /C bcdedit /set {default} recoveryenabled No
cmd.exe /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\System32\cmd.exe” /C vssadmin.exe Delete Shadows /All /Quiet

Remove Brusaf Virus Ransomware and Restore Files

In order to remove the Brusaf Virus from your computer, we strongly recommend that you follow the removal steps underneath. They have been made so that you can delete this infection methodologically and effectively. If you want to delete Brusaf Virus fully and effectively, we strongly recommend that you skip the steps and download a professional malware removal software instead. Such advanced program will hunt down all of the Brusaf Virus files for you and eliminate them in a matter of minutes, plus protect your computer against them in the future too.

Not only this, but if you want to have Brusaf Virus files restored, then we strongly recommend that you try out the alternative steps for file recovery underneath. They have been created with the primary purpose to help you get back as many encrypted files by Brusaf Virus as possible, but do not think that they are 100% a solution.

Avatar

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

4 Comments

  1. AvatarNirmal Kumar

    Encrypted files kya hai sir pla help

    Reply
  2. Avatarsai babu

    Sir plz help me some of the files in my system not opening that files showing with file format
    BRUSAF
    how you fix it sir plz

    Reply
  3. AvatarJayesh

    Sir help us to recover our files…shal i send brusaf encrypted file (jpg file) for ur work to find decrypter

    Reply
  4. AvatarCreator Star Gallery

    Help me i usde Windows 7 , After attacking the virus on my computer, I could not run Amri Compute,
    I’ve given a new operating system but will see all file ( IMG_20160502_144057.jpg later.brusaf),
    Now if I followed the procedure you showed, what would be the solution? Please tell…

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...