Cyber attacks have become part and parcel of our increasingly digitized lives. It is harder and harder to keep track of all the software we use on a regular basis. It is harder still to ensure that everything is up to date with the latest patches and code updates. If you have just opened a folder on your device to find a (.bbbw) extension after your filenames and failed to open those files, you are probably a victim of a ransomware attack. Here’s some help.
What is a ransomware infection?
Ransomware infections are a type of malicious software that is designed to block access to a computer system or files until a ransom is paid. These attacks can cause significant disruption to individuals and organizations, potentially resulting in the loss of sensitive data or financial damage. Ransomware can be spread through various methods, including phishing emails, malicious websites, or compromised software.
Once a system is infected, the ransomware will typically encrypt files on the computer or network, making them inaccessible until a ransom is paid. It’s important to take steps to prevent ransomware infections, such as keeping software up to date, using strong passwords, and being cautious when opening email attachments or clicking on links from unknown sources.
What happens if you are infected with the .bbbw ransomware?
The .bbbw virus belongs to a family of ransomware infections called STOP/DJVU. STOP/DJVU is a family of ransomware-type infections that first emerged in late 2017. Like other types of ransomware, this malware is designed to encrypt files on an infected computer and demand payment in exchange for the decryption key.
STOP/DJVU is known for using a variety of tactics to spread, including through spam emails, malicious websites, and software vulnerabilities.
- Once installed on a computer, STOP/DJVU will encrypt files and append a new file extension to them, such as “.djvu” or “.tro”.
- The attackers demand payment in Bitcoin to restore access to the encrypted files.
For instance, when a computer gets infected with this virus, files with extensions such as “.mp3” will have an additional extension “.bbbw” added to them. Moreover, the attackers will also include a text document in the infected folder that informs the user that their data has been encrypted.
The cybercriminals demand a high ransom for a decryption tool that is allegedly the only way to regain access to the encrypted data. In an attempt to gain the victim’s trust, they offer to decrypt one of the infected files and direct victims to contact them through one of the provided email addresses.
While some decryption tools exist for certain variants of STOP/DJVU, victims are often left with little choice but to pay the ransom or lose access to their data. Prevention is key in protecting against ransomware infections like STOP/DJVU.
Also Read – How to Fix Can’t Open The Page Error on Safari?
How to remove the .bbbw encryption?
As we’ve mentioned earlier, the thing with ransomware from the STOP/DJVU family is that there is no easy household way of decrypting your files. But if you have backed your data up, you are in luck.
If your data is backed up
You have already beaten the hackers. They cannot force you to pay a ransom for data you have already backed up. But wait, do not restore the data on your infected computer right away. Follow the steps
- Boot your PC into safe mode
- Download an antivirus and run a scan for the infected files and malware.
- Run your PC out of safe mode and delete all infected components.
- Use the system restore feature to get your computer back at the stage it was in before the infection (the feature is called Time Machine in MacOS)
- Restore the backed up files.
If your data is not backed up
You will have to get a decryption tool to get your files back. There are multiple tools you can use for the purpose, Emsisoft is one such tool. After you have downloaded the tool, the process is pretty simple.
- Run the decryptor as an administrator
- Agree to the licensing terms
- Add the encrypted folders to the decryptor tab
- From the options tab check the keep encrypted files option. (This is ensure you still have the encrypted files in case the decryptor somehow deletes or alters the contents of the files.)
- Click on decrypt
Let the decryption process take place. Once you get back your data, create a backup. And run a thorough malware cleanup.
When is it necessary to pay ransom?
If the attackers have used an online key to encrypt your files then no decryptor is likely to have the key and you may have no other way but to pay ransom. Also if the decryption key is temporarily unavailable and you need your files right away, you will have to pay ransom. Try a handful of decryptors before you give in and decide to pay.
