Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · May 2018

How to remove BKRansomware ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Olivia Morelli · Ransomware analyst

BKRansomware – a ransomware virus targeting Vietnamese and neighboring countries

BKRansomware ransomware virus

BKRansomware is one of the latest ransomware detections spotted at the beginning of May 2018. Its payload is being disseminated in the form of BKRansomware.exe, which may be disguised under malicious spam emails or injected into PCs using brute force attacks. Once installed, it enables SHA encryption algorithm and encodes .txt, .cpp, .docx, .bmp, .doc, .pdf, .jpg, .pptx, .png, .c, .py, .sql file formats using ROT23 coder. Upon encryption, each locked file is marked with the .hainhc file extension. In exchange for a decryptor, the victim is asked to pay 50k Viettel[1] (a form of credit for mobile phones).

Name BKRansomware
Type of malware Ransomware
Encryption type SHA1, SHA256, ROT23
Distribution Malicious spam email, EK, hacked RDP, rogue software updates, etc. 
Related files BKRansomware.exe
Removal possibilities Automatic removal only. Run a scan with FortectIntego to immunize ransomware instantly.

According to ransomware researcher,[2] the exact compilation timestamp of this virus is the 3rd of May. Likewise other ransomware-type viruses, BKRansomware ransomware virus is being distributed in many ways, including but not limited to spam emails, Exploit Kits, and hacked Remote Desktop Programs (RDP).

As soon as the BKRansomware.exe file is being executed, the virus enables the SHA1 and SHA256 ciphers and renders the ROT23 coder to attack personal files. In comparison to other ransomware, this one cannot boast being a wide profile ransomware virus as it is capable of encrypting the following file types only:

.txt, .cpp, .docx, .bmp, .doc, .pdf, .jpg, .pptx, .png, .c, .py, .sql

Following the encryption, BKRansomware malware appends a .hainhc file extension to all encoded files. Furthermore, the victim is presented with a ransom note, which is generated in the form of a Command Prompt window stemming from C:\Users\admin\AppData\Local\Temp\BKRansomware.exe. The note says:

send 50k Viettel to 0963210438 to restore your data
Press any key to continue . . .

Based on the information collected by ransomware researchers, the BKRansomware ransomware targets Vietnamese and neighboring country residents. It demands a ransom in the form of Viettel, which is a form of credit for mobile phones. It means that the victims are supposed to add credit to the mobile account and send 50k of Vittel to cybercriminals.

At the moment of writing, the BKRansomware ransomware virus is under an active development phase. No victims have been registered yet. It seems that cybercriminals seek to analyze the capabilities of VirusTotal testing to find out the detection ration. At the moment of writing, most of the reputable anti-virus (30 out of 65)[3] managed to remove BKRansomware from the system.

To protect yourself from ransomware attack, make sure to install a professional anti-virus with real-time protection and keep it up-to-date. Besides, keep Windows updates to evade vulnerabilities.

In case of an attack, you should better hurry with BKRansomware removal. While this ransomware is not too dangerous right now, developers keep their software updated implementing new features and making them compatible with more file extensions than the prior version.

To get rid of BKRansomware ransomware, we recommend running a full system scan with FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes. However, you are free to use an anti-virus if your preference.

BKRansomware malware

Malicious viruses can easily exploit vulnerabilities

Ransomware viruses is a number one threat for the last couple of years. They are invented in a tricky manner, which enables them to spread on the Internet stealthily and then attack unsuspecting PC users with full capacity.

Most common source of ransomware infections is through spam emails. Using spam bots, criminals disseminate catchy email messages to thousands or hundreds of thousands PC users. Such emails usually contain an infected attachment (.doc, .xls, .txt, .zip and many others). Once clicked, it executes a ransomware payload which enables a cipher and leads to file encryption.

Peer-to-peer (P2P) and other suspicious download sources can be potentially dangerous as well. Hackers may try to upload their virus as a file, which seems like free software. According to NoVirus.uk[4] security team highly recommend people to stay away from questionable download sources, as well as shardy software downloads, controversial ads, and links.

BKRansomware virus removal instructions and file recovery tutorial

The very first step after ransomware attack is to remove BKRansomware from your PC. For that, use a professional anti-malware program. If you have one installed, don't forget to update it before running a scan.

Manual BKRansomware removal is hardly possible due to the multiplicity of scripts that it runs once installed. The only way to root it out completely is to eliminate all related files and recover all the changes that it initiated all at once.

Upon BKRansomware removal, you can try to recover your files using third-party data recovery programs or other alternative methods.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.