Severity scale:  
  (98/100)

Blitzkrieg ransomware. How to remove? (Uninstall guide)

removal by Olivia Morelli - - | Type: Ransomware

Blitzkrieg ransomware is file locking malware that modifies Windows registry to gain persistence

Blitzkrieg ransomware
Blitzkrieg ransomware is a file locking virus that offers a free test descryption service

Blitzkrieg ransomware is a newly discovered cyber threat that focuses on money extortion. To do that, cybercriminals spread the malware with the help of a variety of deceptive methods and prevent users from accessing their photos, videos, music, databases, etc. with the help of file-locking algorithm AES.[1] Data modified in such a way also receives a .bkc extension.

Once data is encrypted Blitzkrieg virus contacts a remote server that is controlled by hackers and distributes a ransom note HowToBackFiles.txt into each of the affected folders. The text file includes a message from hackers which explains to victims what happened to their data and how to get it back.

According to criminals, users should email them via Blitzkriegpc@protonmail.com, and the redemption price depends on the response time. Additionally, hackers also offer a test decryption service that allegedly guarantees that victims would not get scammed once they pay a ransom in Bitcoin or another cryptocurrency. Nevertheless, security experts[2] highly discourage users from contacting the threat actors and rather focus on Blitzkrieg ransomware removal.

Name Blitzkrieg
Type Ransomware
File extension .bkc
Cipher AES
Ransom note HowToBackFiles.txt
Contact Blitzkriegpc@protonmail.com
Decryptable? No, but you can try third-party software or recover data from backups
Removal Use reputable anti-malware software, such as Malwarebytes MalwarebytesCombo Cleaner or Plumbytes Anti-MalwareMalwarebytes Malwarebytes
Recovery To restore infected system files, perform a scan with Reimage

According to reports, most of the infections stem from China, although samples from other countries showed that the .bkc file extension and a different email address (blellockr@godzym.me) is being used by GlobeImposter 2.0 ransomware. Therefore, it might be that the latter and Blitzkrieg ransomware authors have something in common.

There are several ways you could get infected with Blitzkrieg ransomware. The most prominent crypto malware distribution methods include:

  • Spam emails;
  • Botnets;
  • Fake updates;
  • Exploit kits;
  • Brute-force attacks;
  • Web injects;
  • Pirated software;
  • Cracks or keygens, etc.

To avoid infections in the future, please check the second section of this article.

Once Blitzkrieg ransomware performs the file locking process, it drops a ransom note which states:

Attention !!!

All your files on this server have been encrypted.
Write this ID in the title of your message 

To restore the files need to write to us at email: Blitzkriegpc@protonmail.com

The price of restoration depends on how quickly you write tous. 
After payment we will send you a decryption tool that will decrypt all your files.

You can send us up to 3 files for free decryption.
-files should not contain important information
-and their total size should be less than 1 MB

IMPORTANT !!!
Do not rename encrypted files.
Do not try to decrypt your data using third-party software, this can lead to permanent data loss!
Your ID:

Please do not fall the victim of Blitzkrieg ransomware developers, as you might quickly get scammed. Bad actors are known to ignore their victims, even after the payment for the decryptor is performed. Besides, the act would only prove hackers that their project works as intended and they will keep on infecting more users in the future.

Therefore, you should remove Blitzkrieg ransomware from your computer with the help of security software – you might have to enter Safe Mode for that (we explain how to do that below). You should also scan your computer with Reimage to restore damaged system files (registry, startup items, scheduled tasks, etc.).

Blitzkrieg ransomware virus
Blitzkrieg ransomware is a cryptovirus that demands users to pay ransom for the tool that can decode all personal data

Tips to avoid getting infected with ransomware viruses

Ransomware is probably one of the most devastating cyber threats out there, as it might result in permanent data loss, as restoring it requires special conditions. This also applies to large-scale corporations and businesses, which lose millions of dollars each year for recovery procedures.[3] Nevertheless, regular users might lose invaluable photos or other relevant information related to their work.

Therefore, it is best to stay away from ransomware in the first place. Here's what you can do to reduce the infection rate to a minimum:

  • Install reputable security software and keep it updated;
  • Enable Firewall;
  • Make sure your operating system and the installed programs are regularly patched with security updates;
  • Do not download cracks, keygens or pirated software installers;
  • Use ad-blockers for high-risk sites;
  • Do not open spam email attachments or click on suspicious hyperlinks inside;
  • Use strong passwords for all your accounts.

Finally, you should always have a fresh backup of all your important files on an external drive or a cloud-based service.

Terminate Blitzkrieg ransomware and then proceed with file recovery process

As we already mentioned, you should not contact hackers and proceed with Blitzkrieg ransomware removal instead. For that, you should install anti-malware software, if you do not have on yet. We suggest using Malwarebytes MalwarebytesCombo Cleaner or Plumbytes Anti-MalwareMalwarebytes Malwarebytes, although any other powerful tool of your choice might work. Be aware that ransomware viruses cannot be detected by all AV engines, so scans with multiple programs might be necessary.

Only after you remove Blitzkrieg ransomware, you can proceed with file recovery. If you had backups ready, now is the time to copy them over. Unfortunately, if you did not prepare a backup before the infection occurred, chances of retrieving data are minimal, as there is no decryption tool created by cybersecurity researchers (although it does not mean it will not be the case in the future). Nevertheless, you should try to use alternative recovery methods we provide below – it might help you to recover at least some of your files.

Offer
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Malwarebytes.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

To remove Blitzkrieg virus, follow these steps:

Remove Blitzkrieg using Safe Mode with Networking

If Blitzkrieg ransomware is tampering with your security software, you should access Safe Mode with Networking:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Blitzkrieg

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Blitzkrieg removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Blitzkrieg using System Restore

You can also attempt to terminate the infection with the help of System Restore:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Blitzkrieg. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Blitzkrieg removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Blitzkrieg from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Blitzkrieg, you can use several methods to restore them:

Make use of Data Recovery Pro

As your first attempt to restore personal files, you should try Data Recovery Pro. It might be able to retrieve data it was not overwritten on your hard drive.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Blitzkrieg ransomware;
  • Restore them.

You can also try Windows Previous Versions feature

This option might help you recover separate files if System Restore was enabled before your PC got infected with ransomware.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer might restore all your files if conditions are right

If Blitzkrieg virus failed to delete Shadow Volume Copies, you have a high chance of recovering your data with ShadowExplorer.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

No decryptor is currently available

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Blitzkrieg and other ransomwares, use a reputable anti-spyware, such as Reimage, Malwarebytes MalwarebytesCombo Cleaner or Plumbytes Anti-MalwareMalwarebytes Malwarebytes

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions

References


Your opinion regarding Blitzkrieg ransomware