Severity scale:  
  (99/100)

Remove BNFD ransomware (Virus Removal Instructions) - Virus Removal Guide

removal by Julie Splinters - - | Type: Ransomware

BNFD ransomware – cryptovirus using double military grade algorithms to encrypt victim personal data

BNFD ransomwareBNFD ransomware is a data-locking computer virus that might result in a personal data loss

BNFD ransomware is a new cryptovirus from the Matrix ransomware family. BNFD virus' purpose is to encrypt[1] users' personal data, with military strength algorithms (AES-256 and RSA-2048), upon gaining access to the device and demand a ransom for decryption. This malware appends all non-system files with a three-part extension:

  • criminal contact email in brackets – [Benford333@criptext.com]
  • sequence of random characters
  • and an extension – .BNFD

After the encryption is complete, a ransom note, named BNFD_README.rtf, is created. In the message, the cybercriminals state that the victims' files have been encoded and that they're the only ones that can undo this. Three email addresses are given to get in touch with the perpetrators, and owners of the contaminated devices should write to all of them instantly. Also, a unique ID is prescribed to each victim. As a gesture of good faith, the perps are offering to send them three files for a free decryption, thus proving that the decryption tool/key exists. Neither the amount of the ransom nor the probable crypto wallet isn't provided in the note.

name   BNFD virus, BNFD ransomware, .BNDF malware
Type Malware, Cryptoware, Ransomware
Family Matrix ransomware family
Appended extension All non-system files appended with three-part extensions – criminal contact email in brackets, sequence of random characters and an .BNFD extension, e.g., [Benford333@criptext.com].01234567890qwerty.BNFD
Ransom note  BNFD_README.rtf
Criminal contact details  Three emails are provided: Benford333@criptext.com, Benford333@protonmail.com, Benford333@tutanota.com
distribution  File-sharing platforms, spam email campaigns
removal  BNFD virus removal should be trusted to professionals like SpyHunter 5Combo Cleaner or Malwarebytes
system fix  Malware potentially does altercations to system files. We strongly advise using ReimageIntego tool to automatically find and fix any changes done by the virus

Even though contacting the cybercriminals and meeting their demands might seem like the only option to regain access to locked files, sit down and rethink what you might be getting yourself into. There are numerous cases that after the victims have paid the ransom – nothing happened, i.e., creators of the ransomware didn't send the promised decryption tool/key.[2]

Nowadays, it is strongly recommended to keep backups of sensitive information. In case of a cyberthief attack, information in an offline storage device would be safe. Also, to have a reliable anti-malware software that would detect and remove BNFD virus and malware alike. 

BNFD ransomware removal might still be not enough for users' to fully enjoy their device. Matrix family ransomware is known to mess up computer system files, leading to devices irregular work. Experts[3] also advise using ReimageIntego to automatically find and restore what the virus has done to your system files and system settings.

BNFD ransomware virusBNFD virus is ransomware-type virus that spreads via spam emails, exploits, malicious links, and other methods

Ransom note, in BNFD_README.rtf, contains this message:

ALL YOUR VALUABLE DATA WAS ENCRYPTED!

All yоur filеs wеrе еnсrуptеd with strоng crуptо аlgоrithm АЕS-256 + RSА-2048.
Plеаsе bе surе thаt yоur filеs аrе nоt brоkеn аnd уоu cаn rеstоrе thеm tоdаy.

If yоu rеаllу wаnt tо rеstоrе yоur filеs plеаsе writе us tо thе е-mаils:
Benford333@criptext.com
Benford333@protonmail.com
Benford333@tutanota.com
In subjеct linе writе уоur ID: –

Impоrtаnt! Plеаsе sеnd yоur mеssаgе tо аll оf оur 3 е-mаil аddrеssеs. This is rеаllу impоrtаnt bеcаusе оf dеlivеrу prоblеms оf sоmе mаil sеrviсеs!
Important! If you haven't received a response from us within 24 hours, please try to use a different email service (Gmail, Yahoo, AOL, etc).
Important! Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.
Important! We are always in touch and ready to help you as soon as possible!

Аttаch up tо 3 smаll еncrуptеd filеs fоr frее tеst dесryption. Plеаsе nоte thаt thе filеs yоu sеnd us shоuld nоt cоntаin аnу vаluаblе infоrmаtiоn. Wе will sеnd yоu tеst dеcrуptеd files in оur rеspоnsе fоr yоur cоnfidеnсе.
Of course you will receive all the necessary instructions hоw tо dеcrуpt yоur filеs!

Important!
Plеаsе nоte that we are professionals and just doing our job!
Please dо nоt wаstе thе timе аnd dо nоt trу to dесеive us – it will rеsult оnly priсе incrеаsе!
Wе аrе alwауs оpеnеd fоr diаlоg аnd rеаdy tо hеlp уоu.

Cybercriminals' creative ways of spreading their infections

Cybercriminals are a malicious but a creative bunch. They tend to camouflage their “products” as totally legit, inconspicuous files on file-sharing platforms, such as torrent sites or social media platforms. Unaware users might think that they're downloading some game cheat codes or a “crack”, when actually their computers are about to be infected.

Email spam is another popular way for cyberthieves to catch unsuspecting people. Soon to be victims don't realize that by opening a mischievous email attachment without scanning it with a powerful anti-malware tool first, they're getting themselves a major headache.

These are just a few methods the cybercriminals are using. There are plenty more naughty ways at their disposal. To stay safe, people should always use powerful antivirus software and always keep backups.

Instructions for BNFD virus removal

The longer the ransomware stays on users' device, the more harm it could do. BNFD virus removal should be almost the the first action after it is detected by anti-malware software. However, if you have no backups to restore your data from, we recommend you make a copy of your most valuable encrypted data.

BNFD ransomware encrypted filesOnce BNFD ransomware finishes the encryption process, there is little chance of restoring files without backups

To remove BNFD ransomware, use SpyHunter 5Combo Cleaner or Malwarebytes. It will automatically allocate the ransomware and all its files, isolate and remove them. Do the same thing if no such software was on the device. These trustworthy apps will protect your device from future attacks.

Matrix ransomware family viruses are known to damage, mess up, and modify computer system files. These altercations will cause the user device to exhibit abnormal behavior, such as overheating, extreme lag, crashes, etc. To restore the changes made by the virus, with a push of a button, use the ReimageIntego tool as it will automatically find and repair all affected system files.

Offer
do it now!
Download
Reimage Happiness
Guarantee
Download
Intego Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove BNFD virus, follow these steps:

Remove BNFD using Safe Mode with Networking

Access Safe Mode with Networking and perform a full system scan from there:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove BNFD

    Log in to your infected account and start the browser. Download ReimageIntego or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete BNFD removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove BNFD using System Restore

In some cases, System Restore can aid you with virus elimination:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of BNFD. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with ReimageIntego and make sure that BNFD removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove BNFD from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by BNFD, you can use several methods to restore them:

Data Recovery Pro method might be just for you

Data Recovery Pro is a recovery tool that might be able to restore at least some of your lost files.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by BNFD ransomware;
  • Restore them.

Rely on Windows Previous Versions feature

This method would only work if you had system restore point prepared and it was not deleted by the infection. 

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Use ShadowExplorer to recover you files

This app will only work if malware failed to delete Shadow Copies.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

No decryptor is currently available

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from BNFD and other ransomwares, use a reputable anti-spyware, such as ReimageIntego, SpyHunter 5Combo Cleaner or Malwarebytes

Choose a proper web browser and improve your safety with a VPN tool

Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.

 

Lost your files? Use data recovery software

While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.

To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.

About the author
Julie Splinters
Julie Splinters - Malware removal specialist

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Julie Splinters
About the company Esolutions

References

Your opinion regarding BNFD ransomware