Bpsm ransomware (virus) - Free Instructions

Bpsm virus Removal Guide

What is Bpsm ransomware?

Bpsm ransomware – a dangerous malware that would lock your files, demanding ransom in return

Bpsm ransomwareBpsm ransomware is a Windows virus that would hold your files hostage

Bpsm is a malicious ransomware[1] threat that first appeared in January 2022 and belongs to the powerful Djvu family of malware. It typically spreads through pirated software installers and cracks, but other methods may exist too. Unfortunately, by the time users discover this attack it's usually already too late for their data as encryption has taken place before any warning signs were given.

The Bpsm virus utilises an RSA[2] encryption algorithm to keep individuals from retrieving their photos, videos, documents, and other essential files. All data loses its original icons (being substituted with blanks) while a .bpsm file extension is added at the end of each file – these are the common indicators that victims will recognize when they have been infected by ransomware.

Once the data-locking process is complete, users will find a _readme.txt ransom note demanding they pay $490 or $980 in bitcoin to regain access to their files. Cybercriminals can be contacted at support@fishmail.top and datarestorehelp@airmail.cc; however, we highly discourage this action as it would only encourage these Bpsm ransomware authors to continue with their scamming tactics without any assurance of recovering your lost data. To avoid being victimized by these scammers, you may follow our alternative steps detailed below for possibly better results.

Name Bpsm virus
Type Ransomware, file-locking malware
File extension .bpsm extension affixed to all personal files, rendering them useless
Family Djvu
Ransom note _readme.txt dropped at every location where encrypted files are located
Contact support@fishmail.top and datarestorehelp@airmail.cc
File Recovery There is no guaranteed way to recover locked files without backups. Other options include paying cybercriminals (not recommended, might also lose the paid money), using Emisoft's decryptor (works for a limited number of victims), or using third-party recovery software
Malware removal After disconnecting the computer from the network and the internet, do a complete system scan using the SpyHunter 5Combo Cleaner security program
System fix As soon as it is installed, malware has the potential to severely harm some system files, causing instability problems, including crashes and errors. Any such damage can be automatically repaired by using ReimageIntego PC repair

What the ransom note conveys

Djvu versions such as Bpsm, Znsm, or Iswr aim to make victims pay a ransom in order for them to regain access to their data. To maximize their effectiveness, these viruses encrypt all file formats including JPGs, TXTs, DOCs, and more. This malicious software deliberately avoids system files like executables so that the computer is still able to function normally; compromising the device's operating system is not their primary objective, although collateral damage might sometimes occur.

To inform users about the ransom payment and possibility of getting back files, malware drops a ransom note soon after the encryption process finishes. Here's what victims can read from there:

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-rmxjMZAZBJ
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:

As always, the attackers give victims a 50% discount if they pay within three days of the attack and even provide a free trial decryption service. All these psychological tactics are designed to persuade people that it is in their best interest to cooperate without delay.

However, law enforcement officials and the security industry strongly advise against paying these requested ransoms. Payments not only help the illegal activities of cybercriminals, but since cybercriminals can never be trusted, it's possible that the decryptor won't even function or will never be delivered.

Bpsm ransomware virusBpsm stems from a well-established malware family known as Djvu

Avoidance tips for the future

Many users who get infected with ransomware such as Bpsm might be in the state of shock initially, as they can no longer access their files. To avoid this terrible situation, it is better not to get infected in the first place.

The best way to avoid a ransomware attack is by practicing good cybersecurity habits. Here are a few tips that could help you prevent infections in the future:

  • Keep all software up-to-date with latest security patches.
  • Use strong passwords and two-factor authentication.
  • Be wary of suspicious emails and links.
  • Avoid software cracks and pirated installers.
  • Have an up-to-date antivirus program installed on all internet-connected devices.
  • Have a reliable backup system in place to ensure that you have a copy of your data in case of an attack.

How to remove Bpsm ransomware effectively

Panic can be a normal response when ransomware has locked your files, however try to stay calm. To prevent any further harm and ensure recovery of your data, it is critical to adhere to these steps in their specific order. The initial step should focus on the complete removal of ransomware from your system.

First, to protect the integrity of your network and other devices, you must unplug your computer from the internet if it is infected with malware. Malware often communicates to its remote Command & Control[3] server via web connection, so disconnecting completely will prevent any malicious activities from taking place.

When disconnected from the internet, you can initiate Bpsm ransomware removal. While manual extermination is possible, it requires comprehensive IT abilities and hence should be avoided at all costs. Utilize automatic malware removal software such as SpyHunter 5Combo Cleaner or Malwarebytes, which will identify and delete malicious files immediately. If malware is interfering with this process, access Safe Mode and perform a full system scan from there:

Windows 7 / Vista / XP

  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing the F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list.Windows XP/7

Windows 10 / Windows 8

  1. Right-click on the Start button and select Settings.
  2. Scroll down to pick Update & Security.
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find the Advanced Startup section.
  5. Click Restart now.Recovery
  6. Select Troubleshoot.Choose an option
  7. Go to Advanced options.Advanced options
  8. Select Startup Settings.Startup settings
  9. Click Restart.
  10. Press 5 or click 5) Enable Safe Mode with Networking.

Finally, you should check your system for damage to prevent crashes, errors, and other technical issues, which could occur as a result of malware intrusion. The easiest way of doing so is by scanning the system with ReimageIntego PC repair software, as reinstalling Windows system might be confusing and lengthy process for some.

Data restoration possibilities

Restoring the encrypted files typically requires paying the ransom, but this is not recommended as there is no guarantee that the attackers will actually provide the decryption key. Additionally, paying the ransom only serves to support and encourage the attackers, who will likely continue to carry out similar attacks in the future.

There are a few options you can try to restore your encrypted files without paying the ransom:

  • Try using a backup: If you have a recent backup of your files, you can restore them from the backup. This is the most reliable method for recovering your data, but it only works if you have a current backup.
  • Use file recovery software: There are several software programs that can scan your hard drive and attempt to recover deleted or damaged files. These programs may be able to recover some of your encrypted files.
  • Attempt to restore Bpsm files using Emsisoft's decryption tool that was specially crafter for Djvu ransomware victims. Keep in mind that this method may not always for for everyone, although trying it is always recommended for all victims.

Below you will find the instructions on how to deal with ransomware-encrypted files in an attempt to restore them. Before proceeding with restoration steps, please make backups of your locked files in case they would get damaged in the process. You will also find tips on how to backup your files for the future and how to report the incident to the authorities.

Offer
do it now!
Download
Reimage Happiness
Guarantee
Download
Intego Happiness
Guarantee
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Bpsm virus. Follow these steps

Restore files using data recovery software

Since many users do not prepare proper data backups prior to being attacked by ransomware, they might often lose access to their files permanently. Paying criminals is also very risky, as they might not fulfill the promises and never send back the required decryption tool.

While this might sound terrible, not all is lost – data recovery software might be able to help you in some situations (it highly depends on the encryption algorithm used, whether ransomware managed to complete the programmed tasks, etc.). Since there are thousands of different ransomware strains, it is immediately impossible to tell whether third-party software will work for you.

Therefore, we suggest trying regardless of which ransomware attacked your computer. Before you begin, several pointers are important while dealing with this situation:

  • Since the encrypted data on your computer might permanently be damaged by security or data recovery software, you should first make backups of it – use a USB flash drive or another storage.
  • Only attempt to recover your files using this method after you perform a scan with anti-malware software.

Install data recovery software

  1. Download Data Recovery Pro.
  2. Double-click the installer to launch it.
    Launch installer
  3. Follow on-screen instructions to install the software. Install program
  4. As soon as you press Finish, you can use the app.
  5. Select Everything or pick individual folders where you want the files to be recovered from. Select what to recover
  6. Press Next.
  7. At the bottom, enable Deep scan and pick which Disks you want to be scanned. Select Deep scan
  8. Press Scan and wait till it is complete. Scan
  9. You can now pick which folders/files to recover – don't forget you also have the option to search by the file name!
  10. Press Recover to retrieve your files. Recover files

Use Emsisoft decrytor for Djvu/STOP

If your computer got infected with one of the Djvu variants, you should try using Emsisoft decryptor for Djvu/STOP. It is important to mention that this tool will not work for everyone – it only works if data was locked with an offline ID due to malware failing to communicate with its remote servers.

Even if your case meets this condition, somebody from the victims has to pay criminals, retrieve an offline key, and then share it with security researchers at Emsisoft. As a result, you might not be able to restore the encrypted files immediately. Thus, if the decryptor says your data was locked with an offline ID but cannot be recovered currently, you should try later. You also need to upload a set of files – one encrypted and a healthy one to the company's servers before you proceed.

  • Download the app from the official Emsisoft website. Download Djvu/Stop decryptor from Emsisoft
  • After pressing Download button, a small pop-up at the bottom, titled decrypt_STOPDjvu.exe should show up – click it.
    Click on decrypt_STOPDjvu.exe
  • If User Account Control (UAC) message shows up, press Yes.
  • Agree to License Terms by pressing Yes.
    Agree to License Terms
  • After Disclaimer shows up, press OK.
  • The tool should automatically populate the affected folders, although you can also do it by pressing Add folder at the bottom.
    Add folders
  • Press Decrypt.
    Decrypt Djvu files

From here, there are three available outcomes:

  1. Decrypted!” will be shown under files that were decrypted successfully – they are now usable again.
  2. Error: Unable to decrypt file with ID:” means that the keys for this version of the virus have not yet been retrieved, so you should try later.
  3. This ID appears to be an online ID, decryption is impossible” – you are unable to decrypt files with this tool.

Restore Windows "hosts" file to its original state

Some ransomware might modify Windows hosts file in order to prevent users from accessing certain websites online. For example, Djvu ransomware variants add dozens of entries containing URLs of security-related websites, such as 2-spyware.com. Each of the entries means that users will not be able to access the listed web addresses and will receive an error instead.

Here's an example of “hosts” file entries that were injected by ransomware:

Hosts file

In order to restore your ability to access all websites without restrictions, you should either delete the file (Windows will automatically recreate it) or remove all the malware-created entries. If you have never touched the “hosts” file before, you should simply delete it by marking it and pressing Shift + Del on your keyboard. For that, navigate to the following location:

C:\\Windows\\System32\\drivers\\etc\\

Delete Windows "hosts" file

Create data backups to avoid file loss in the future

One of the many countermeasures for home users against ransomware is data backups. Even if your Windows get corrupted, you can reinstall everything from scratch and retrieve files from backups with minimal losses overall. Most importantly, you would not have to pay cybercriminals and risk your money as well.

Therefore, if you have already dealt with a ransomware attack, we strongly advise you to prepare backups for future use. There are two options available to you:

  • Backup on a physical external drive, such as a USB flash drive or external HDD.
  • Use cloud storage services.

The first method is not that convenient, however, as backups need to constantly be updated manually – although it is very reliable. Therefore, we highly advise choosing cloud storage instead – it is easy to set up and efficient to sustain. The problem with it is that storage space is limited unless you want to pay for the subscription.

Using Microsoft OneDrive

OneDrive is a built-in tool that comes with every modern Windows version. By default, you get 5 GB of storage that you can use for free. You can increase that storage space, but for a price. Here's how to setup backups for OneDrive:

  1. Click on the OneDrive icon within your system tray.
  2. Select Help & Settings > Settings.
    Go to OneDrive settings
  3. If you don't see your email under the Account tab, you should click Add an account and proceed with the on-screen instructions to set yourself up.
    Add OneDrive account
  4. Once done, move to the Backup tab and click Manage backup.
    Manage backup
  5. Select Desktop, Documents, and Pictures, or a combination of whichever folders you want to backup.
  6. Press Start backup.
    Pick which folders to sync

After this, all the files that are imported into the above-mentioned folders will be automatically backed for you. If you want to add other folders or files, you have to do that manually. For that, open File Explorer by pressing Win + E on your keyboard, and then click on the OneDrive icon. You should drag and drop folders you want to backup (or you can use Copy/Paste as well).

Using Google Drive

Google Drive is another great solution for free backups. The good news is that you get as much as 15GB for free by choosing this storage. There are also paid versions available, with significantly more storage to choose from.

You can access Google Drive via the web browser or use a desktop app you can download on the official website. If you want your files to be synced automatically, you will have to download the app, however.

  1. Download the Google Drive app installer and click on it.
    Install Google Drive app
  2. Wait a few seconds for it to be installed. Complete installation
  3. Now click the arrow within your system tray – you should see Google Drive icon there, click it once.
    Google Drive Sign in
  4. Click Get Started. Backup and sync
  5. Enter all the required information – your email/phone, and password. Enter email/phone
  6. Now pick what you want to sync and backup. You can click on Choose Folder to add additional folders to the list.
  7. Once done, pick Next. Choose what to sync
  8. Now you can select to sync items to be visible on your computer.
  9. Finally, press Start and wait till the sync is complete. Your files are now being backed up.

Report the incident to your local authorities

Ransomware is a huge business that is highly illegal, and authorities are very involved in catching malware operators. To have increased chances of identifying the culprits, the agencies need information. Therefore, by reporting the crime, you could help with stopping the cybercriminal activities and catching the threat actors. Make sure you include all the possible details, including how did you notice the attack, when it happened, etc. Additionally, providing documents such as ransom notes, examples of encrypted files, or malware executables would also be beneficial.

Law enforcement agencies typically deal with online fraud and cybercrime, although it depends on where you live. Here is the list of local authority groups that handle incidents like ransomware attacks, sorted by country:

Internet Crime Complaint Center IC3

If your country is not listed above, you should contact the local police department or communications center.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Bpsm and other ransomwares, use a reputable anti-spyware, such as ReimageIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Protect your privacy – employ a VPN

There are several ways how to make your online time more private – you can access an incognito tab. However, there is no secret that even in this mode, you are tracked for advertising purposes. There is a way to add an extra layer of protection and create a completely anonymous web browsing practice with the help of Private Internet Access VPN. This software reroutes traffic through different servers, thus leaving your IP address and geolocation in disguise. Besides, it is based on a strict no-log policy, meaning that no data will be recorded, leaked, and available for both first and third parties. The combination of a secure web browser and Private Internet Access VPN will let you browse the Internet without a feeling of being spied or targeted by criminals. 

No backups? No problem. Use a data recovery tool

If you wonder how data loss can occur, you should not look any further for answers – human errors, malware attacks, hardware failures, power cuts, natural disasters, or even simple negligence. In some cases, lost files are extremely important, and many straight out panic when such an unfortunate course of events happen. Due to this, you should always ensure that you prepare proper data backups on a regular basis.

If you were caught by surprise and did not have any backups to restore your files from, not everything is lost. Data Recovery Pro is one of the leading file recovery solutions you can find on the market – it is likely to restore even lost emails or data located on an external device.

About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions

References