Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · May 2023

How to remove BrightNight ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Jake Doevan · Computer technology expert

BrightNight ransomware infection can result in permanent data loss if users do not have backups

BrightNight ransomware is a piece of malicious software that encrypts[1] personal files such as photos, videos, and documents, rendering them inaccessible. It is a type of malware that encrypts victims' files and demands payment in exchange for the decryption key in order to extort money from them.

Once the BrightNight ransomware infects a system, it appends the encrypted files with the .BrightNight extension, the attackers' email, and a unique ID assigned to the victim. The attackers then demand a ransom payment in exchange for the decryption key, which is the only way to regain access to the encrypted files.

The consequences of a BrightNight ransomware attack can be disastrous for users. It can be a traumatic experience to lose access to personal files, including cherished memories such as family photos and videos.

NAME BrightNight
TYPE Ransomware, cryptovirus, data-locking malware
DISTRIBUTION Email attachments, peer-to-peer file-sharing platforms, malicious ads
FILE EXTENSION .BrightNight
RANSOM NOTE README.txt
FILE RECOVERY If no backups are available, recovering data is almost impossible. We list alternative methods that could help you in some cases below
MALWARE REMOVAL Scan your machine with anti-malware software to eliminate the malicious files
SYSTEM FIX Malware can seriously tamper with Windows systems, causing errors, crashes, lag, and other stability issues. To remediate the OS and avoid its reinstallation, we recommend scanning it with the FortectIntego repair tool

The ransom note

BrightNight ransomware drops a ransom note README.txt on the affected machine:

!!!All of your files are encrypted!!!

To decrypt them send e-mail to this address: Tpyrcne@onionmail.org

In case of no answer in 24h, send e-mail to this address: Tpyrcne@cyberfear.com

Your System Key –

Attackers frequently demand payment in cryptocurrencies such as Bitcoin because it allows them to remain anonymous. However, for some victims, obtaining these cryptocurrencies can be a significant challenge. Paying the ransom does not guarantee that the attackers will provide the decryption key required to restore the encrypted files. Unfortunately, many victims paid the ransom but were unable to recover their data, leaving them with no choice but to accept permanent data loss.

Paying the ransom has a broader impact because it encourages cybercriminals to continue their illegal activities. It encourages them to create and distribute more malware, putting other people and businesses at risk of becoming victims of similar attacks. To help individuals and organizations protect themselves from such threats, it is critical to avoid paying the ransom and instead focus on preventative measures such as backup solutions, robust cybersecurity practices, and education.

Distribution methods

Other methods are used by cybercriminals to spread ransomware and infect systems. Social engineering is a common technique that involves tricking users into performing actions that allow malware to infiltrate their systems. Clicking on malicious links, downloading infected attachments, or providing sensitive information such as login credentials are all examples of this.

Drive-by downloading[2] is another method used by threat actors, which involves infecting a legitimate website with malicious code that downloads and executes ransomware on the user's system when they visit the site. This can happen if users click on a pop-up or banner ad on the site, which redirects them to another page containing malware.

Furthermore, attackers can distribute ransomware via infected USB drives or other external storage devices. They can install malware on a USB drive and leave it in a public place for an unsuspecting user to pick up and insert into their system, infecting their device unknowingly with ransomware.

Finally, cybercriminals can distribute ransomware via social media platforms. They can create bogus profiles or use compromised accounts to share links to malicious websites or malware-infected attachments. Users who click on these links or download these files may end up with ransomware on their systems.

Start the removal process

It is critical to disconnect the affected machine from the local network in order to effectively address the situation. This can be accomplished at home by unplugging the ethernet cable. However, disconnecting from the network at work may be more difficult. Instructions for corporate environments are available at the bottom of this post.

Attempting to recover data before removing the malicious files may result in permanent data loss or encryption of the files. It is critical to first remove the malware and then attempt data recovery. Ransomware removal is a difficult process that should not be attempted by inexperienced individuals. Manual removal necessitates advanced IT skills and should only be attempted by professionals.

Use anti-malware tools like SpyHunterCombo Cleaner or MalwarebytesMalwarebytes to scan your system. This security software should find all the related files and entries and remove them automatically for you. In some cases, malware does not let you use antivirus in normal mode, so you need to access Safe Mode and perform a full system scan from there:

Windows 7 / Vista / XP

  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list.Windows XP/7

Windows 10 / Windows 8

  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.Update & Security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.Recovery
  6. Select Troubleshoot.Choose an option
  7. Go to Advanced options.
  8. Select Startup Settings.
  9. Click Restart.
  10. Press 5 or click 5) Enable Safe Mode with Networking.Press F5 to enable Safe Mode with Networking

Repair corrupted system files

It is not uncommon to experience performance, stability, and usability issues following a malware infection, which may necessitate a full Windows reinstallation. Malicious viruses can corrupt or delete DLL files, modify critical sections of the Windows registry, and more. Antivirus software is incapable of repairing malware-damaged system files.

Manually repairing such damage can be difficult and time-consuming. That is why FortectIntego was created. This maintenance tool is intended to repair many of the problems caused by malware infections, such as Blue Screen errors,[3] freezes, registry errors, and damaged DLLs. Your computer may become completely unusable if you do not have such a tool. By using this maintenance tool, you may be able to avoid the need for a full Windows reinstallation.

Try recovering data with third-party software

If you haven't backed up your files prior to the attack, chances are that only the hackers possess the decryption key that can unlock them. Data recovery software may be worth a try, but it is important to note that third-party programs may not always be successful in decrypting the files.

Regardless of the situation, attempting data recovery is recommended. Before proceeding, it is essential to copy the corrupted files and store them in an external storage device such as a USB flash drive. However, it is crucial to ensure that the BrightNight ransomware has been removed before attempting data recovery.

Before you begin, several pointers are important while dealing with this situation:

  • Since the encrypted data on your computer might permanently be damaged by security or data recovery software, you should first make backups of it – use a USB flash drive or another storage.
  • Only attempt to recover your files using this method after you perform a scan with anti-malware software.

Install data recovery software

  1. Download Data Recovery Pro.
  2. Double-click the installer to launch it.
  3. Follow on-screen instructions to install the software.Install program
  4. As soon as you press Finish, you can use the app.
  5. Select Everything or pick individual folders where you want the files to be recovered from.Select what to recover
  6. Press Next.
  7. At the bottom, enable Deep scan and pick which Disks you want to be scanned.Select Deep scan
  8. Press Scan and wait till it is complete.
  9. You can now pick which folders/files to recover – don't forget you also have the option to search by the file name!
  10. Press Recover to retrieve your files.Recover files

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.