Bioawards ransomware – data-locking computer infection built for money extortion

Bioawards ransomware is a malicious program that belongs to a broad malware family known as Scarab. Its main goal is to encrypt all personal data (pictures, documents, music, archives, videos, etc.) on a Windows computer then demand ransom for its return. For that, the virus uses a combination of RSA and AES encryption algorithms,[1] which also append .Bioawards extension to each of the files. As a result, victims can no longer access these files and require a unique key held hostage by cyber crooks behind the attack.
Once the encryption is complete, the Bioawards virus delivers two ransom notes – Instruction.txt and DECRYPT FILES.txt, with the latter being more detailed than the former one. The message explains to victims what happened to their files and that they need to pay a ransom in bitcoin for data recovery – they also mention that the decryption key will be deleted after 96 hours if the email to Bioawards@tutanota.com or Bioawards@gjessmail.com is sent on time.
| Name | Bioawards ransomware |
|---|---|
| Type | Ransomware, data locking malware, cryptovirus |
| Malware family | Scarab |
| Encryption method | RSA + AES-256 |
| File extension | .Bioawards extension is appended to each of the personal files, or example, a “picture.jpg” is turned into a “picture.jpg.Bioawards” |
| Ransom notes | Instruction.txt and DECRYPT FILES.txt |
| Contact | Bioawards@tutanota.com or Bioawards@gjessmail.com |
| File Recovery | If no backups are available, recovering data is almost impossible. Nonetheless, we suggest you try the alternative methods that could help you in some cases – we list them below. Also, you might be able to retrieve at least some of your files with the help of Dr.Web, although the service is not free |
| Malware removal | Perform a full system scan with powerful security software, such as SpyHunterCombo Cleaner |
| System fix | Malware can seriously tamper with Windows systems, causing errors, crashes, lag, and other stability issues after it is terminated. To remediate the OS and avoid its reinstallation, we recommend scanning it with the FortectIntego repair tool |
Ransomware such as Bioawards files virus can be particularly devastating to users, as it can result in permanent data loss. Scarab is a relatively old malware family with hundreds of variants, including Omerta, Artemy, MAKB, and many others. The names of ransom notes, appended extensions, and other attributes might change or remain the same from version to version, although the principle of operation remains unchanged – cybercriminals want money.
Once inside the system, the virus changes the way Windows operates – it modifies the registry, deletes Shadow Copies and System Restore points, drops thousands of malicious files, and performs other changes. If you are having trouble restoring your system to a previous state after Bioawards ransomware removal, employ automatic repair tools such as FortectIntego for an easy recovery.
Bioawards ransomware targets the most commonly used file types, such as JPG, PDF, DOC, TXT, DAT RAR, and many others, although it skips system and executable files to ensure that the computer is still operational (cybercriminals' goal is not to corrupt victims' machines but rather make them pay the ransom).
Once the encryption begins, it can hardly be stopped, as it only takes a few seconds to minutes to perform this process on a Windows machine (depending on the size of the data). Besides, victims rarely know what is going on and only realize it later once they spot the .Bioawards extension appended to each of their files.

There are two ransom notes delivered upon successful file encryption DECRYPT FILES.TXT provides exact details of how .Bioawards file recovery process should be handled, and Instruction.txt just explains briefly what happened:
All files are encrypted with a complex strong key AES 256, RSA and so on. Don't use an antivirus. It can corrupt files and all cannot be recovered. You have been assigned a unique identifier. After infection, you have 96 hours to declare decryption. After the expiration of 96 hours, the keys will be automatically deleted. Do not use third-party file recovery or decryption software. They do not work. They mess up files. See for yourself. Detailed information can be obtained by mail: Bioawards@tutanota.com To receive instructions on decryption, write to the mail: Bioawards@tutanota.com To get the decryption keys and the decryption program, write to the mail: Bioawards@gjessmail.com
The larger note includes a unique ID that is meant to be presented within the email to the attackers. However, security experts[2] advise not communicating with the attackers, as there is a chance that they will not deliver the promised decryption tool.
Instead, backup the locked data and then remove Bioawards ransomware from your system to prevent the encryption of the incoming files. To delete the malware, you should employ powerful security tools, such as SpyHunterCombo Cleaner or MalwarebytesMalwarebytes. If you need to access Safe Mode with Networking to perform the elimination, you can find the instructions on how to do that below.
Security software will not restore .Bioawards files
Cybercriminals behind .Bioawards file virus use both symmetric and asymmetric ciphers to lock all data, which means that each of the victims is assigned with a key that consists of a random string of alphanumeric characters. This key is always unique, so users who paid for it will not be able to share it with other victims. These two factors are what makes ransomware so dangerous.
Users who get infected with ransomware for the first time mistakenly believe that they can remove .Bioawards extension from their files as soon as they complete a scan with security software. However, anti-malware is not designed for such purpose – it instead finds and deletes all malicious files, modules, and other malicious components from the system.
There is a particular set of tools that are indeed designed to restore lost files – they are known as data recovery software. These applications also can not decrypt files (as explained above, only cybercriminals have access to the unique key that can decrypt .Bioawards files), but they can attempt to retrieve some of the working copies from the hard drive. For download links and instructions on how to use such tools, please check the instructions below. Additionally, you can also attempt to restore your data with built-in Windows recovery tools, such as the Previous Versions feature, although, for this method to work, malware should have failed to perform some of its functions.
When it comes to paid recovery, there are two options available: either paying Bioawards ransomware authors for the key or contacting Dr.Web. The latter is obviously much more secure and trustworthy, although full decryption of files is not guaranteed. We recommend contacting the vendor directly.

Delete Bioawards ransomware from your PC and only then attempt the data recovery
As long as the Bioawards ransomware virus runs on your machine, all the incoming files will continue to be encrypted. Nonetheless, we recommend you do not rush anything, as it is important to handle this difficult situation correctly to avoid various issues, e.g., complete file corruption.
As seen in the ransom note, cybercriminals claim that running anti-malware software such would permanently damage the encrypted files. While there is no guarantee that the attackers are bluffing, it is always best to make a copy of the encrypted data before Bioawards ransomware removal is performed. Locked files do not have malicious code within them, so it is safe to copy them over.
Once you have a copy of your most valuable files, remove Bioawards ransomware with SpyHunterCombo Cleaner, MalwarebytesMalwarebytes, or another security software that detects[3] the threat. If you notice that your Windows computer faces various issues post-termination (lag, crashes, errors, etc.), you can attempt to fix them automatically with FortectIntego.
Was this guide helpful?
Be the first to comment