Are you finding it difficult to access pictures, videos & documents on your system? Do you see an alien extension, .Budak, appended to the filenames?
If so, then there are positives that your system is infected by another devious variant of STOP (DJVU) Ransomware Family, the Budak Ransomware.
Yes, Budak is a nasty File Encrypting Virus that has been discovered by the cyber-security analysts recently. Just like other stop djvu Ransomware variants, Budak Ransomware spreads its infection via spam-email campaigns, unreliable software download sources, peer-to-peer networks & fake software updaters.
Upon infecting the system, it encrypts most of the stored files & appends the filenames with Budak extension. A unique decryption key is required to restore the encrypted back, which is stored on the hacker’s server.
Victims are required to pay handsome amount to the hackers in order to purchase the decryption key & restore their data.
Does paying the ransom helps in getting the encrypted data restored? Is there any way of preventing .Budak File Virus from infecting your system? Is it possible to remove Budak Ransomware from infected PC? Read on to learn how to uninstall Budak & recover .Budak files.
Name | Budak |
Type | Ransomware |
Category | Malware |
Operating System Impacted | Windows |
Symptoms | Files encrypted with .budak extension & appearance of ransom-demanding note while accessing encrypted files. |
The giant Clan of STOP DJVU Ransomware welcomed another perilous member recently named Budak Ransomware. It is spreading its infection at an alarming rate & has infected a large number of systems so far.
Other pernicious Ransomware that are active & posing threat to computer–users across the world are Ims00ry, Pox & Adame.
According to the reports, spam e-mail Campaigns, online fraudulent advertising & unreliable software download/install sources are the prime channels of distribution of stop Budak Ransomware.
This high risk Ransomware infection stealthily gets on to the computer & scrutinizes the system for the targeted files. When found, it encrypts user & system files by using a complex Encryption method such as RAS & AES. In addition to that, Budak delete Shadow Volume Copies from the system.
The encrypted files are appended with .budak extension & hence made inaccessible to the users.
For example, the file name “presentation.ppt” might be renamed as “presentation.ppt.budak” after encryption.
The file extensions targeted by the Budak File Virus, may include:
Cyber-criminals behind Stop Budak Ransomware seek to generate illicit revenue by extorting hefty amount from the victims in return of a decryption key. The cryptography algorithms used by the hackers to encrypt the files also generate a unique decryption key for each infected system.
Once the files are encrypted, a ransom-demanding message in text format (_readme.txt) is dropped in every folder of the infected systems that contains .budak files.
The note appears every-time the user tries to open the encrypted files. It prompts the user to contact the hackers & pay the ransom amount (in Bitcoins) in order to restore the data.
The hackers offer to decrypt one encrypted file (not containing sensitive information) for absolutely no cost. The restored file is then sent back to the victim as a proof of decryption.
Impacted users may contact the hackers via e-mail on varasto@firemail.cc or gorentos@bitmessage.ch.
Ransom Amount: The Ransom amount demanded by STOP DJVU Ransomware hackers remains same for all the variants.
The hackers demand $980 for every decryption key & ask users to contact them to receive payment & decryption related instructions.
Any victim that contacts the hackers within 72 hours of the encryption can avail 50% discount on the Ransom amount (i.e., $480).
Note: The claim to decrypt the files for absolutely no cost is a mere trick to take the users into thinking that decryption is possible.
Many of the victims often tend to contact the hackers & pay them the ransom amount as they fear losing their data. However, the analysis by cyber-security researchers show that hackers avoid responding the victims after the amount has been received.
Therefore, we advise you to avoid contacting the hackers, if infected. Do not let hackers extort money & succeed in their plans.
Rather, be vigilant & act smart. Take a backup on your data regularly on an external storage device & be cautious wile streaming online. Following good security practices may help in preventing .Budak File Virus from infecting your system.
Crypto-Virus infections such as Budak Ransomware mainly spread via spam e-mails containing malicious attachments. Hackers send out a myriad of spam e-mails with legit subject lines, to trick the users to believe it is from an authentic source. These may include shipping firms such as DHL or FedEx. The e-mails suggest that executive tried attempting a delivery to the user, but failed due to some unexpected circumstances.
Users, out of their curiosity, open the attached files/links embedded inside the e-mail & invite Budak File Virus on their system.
Other common methods used by the hackers to propagate .budak file virus infection are-
To restart the system to Safe Mode with Networking, if already switched ON then follow the below steps:
5 Click on the username and enter the password (if any).
Once the system starts, ensure to use an account with administrative privilege to access Safe Mode with Command Prompt.
After the user enters admin credentials, Command prompt window is displayed wherein you are entitled to enter the below commands:
OR
OR
Continue to follow steps 4 & 5 of Method 2 to restore the System Files and settings.
Hits: 129
Subscribe to our newsletter today to receive updates on the Latest News and Threats.
Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.