Remove BonziBuddy Ransomware

I wrote this article to help you remove BonziBuddy Ransomware. This BonziBuddy Ransomware removal guide works for all Windows versions.

BonziBuddy ransomware was discovered in the first half of November. The name of the win-locker may ring a bell. The clandestine program is named after an interactive application, used as a desktop helper in early versions of Windows. The tool was supported from 1999 to 2004. Before we continue, we need to set the record straight by noting that there is no relation between the desktop assistant and BonziBuddy ransomware. The developers of the win-locker have stolen the name of the tool and the animated monkey which was its main feature. The next item they intend to steal is your earnings.

BonziBuddy ransomware has been created to make money by forcing users to pay its developers. The malevolent program locks people’s personal files and demands a certain sum to make them accessible again. BonziBuddy ransomware uses a basic code scheme which is less efficient than the established algorithms, used by other win-lockers. Still, the virus manages to encrypt common file types, like text documents, images, databases, archives, zipped folders, audios, videos and others.

Upon completing the encryption process, BonziBuddy ransomware opens a program window on the screen. It resembles the user interface of the desktop assistant. The display contains a basic message, with some offensive remarks. The win-locker informs the victim that his files have been encrypted. It explains that he has to pay a ransom to have his access restored. There is little explanation about what you are required to do. It can only be assumed that upon agreeing to pay the sum, the cyber criminals will provide further information.

Since the details have not come out yet, there is still little we can say about BonziBuddy ransomware. In fact, the win-locker appears to be incomplete. After conducting a detailed analysis of the malicious program, security experts have been led to believe that it is a prototype. The simple encryption code hints that the authors of BonziBuddy ransomware may be amateur developers. Another possibility is that the trials for the win-locker are still ongoing and the coders published an early version to test the waters. We can only make assumptions at this point in time, but one piece of advice holds regardless of how this turns out.

You should not pay the ransom. Paying the cyber criminals does not guarantee that your files will be decrypted. There have been many instances of ransomware developers collecting the fee and leaving the user’s files encrypted. Even if your data is restored, there is still an underlying risk. BonziBuddy ransomware may be programmed to create registry entries and drop files in system folders. The virus can be installed again in time. The only safe way to remove a win-locker is with an anti-virus utility.

It would be best to prevent programs like BonziBuddy ransomware from entering your computer in the first place. The win-locker uses a couple of shady distribution techniques which we will refer to as dark patterns. The preferred entry point for the covert program is a spam email. BonziBuddy ransomware can get downloaded and subsequently installed after you open an infected attachment. The spammer who sent the email will try to make you believe that the file is an important document on an urgent matter. We advise you to verify the reliability of your messages before opening files from them. Check the sender’s contacts.

The other way for BonziBuddy ransomware to get installed on your computer is through another tool. The win-locker can merge its setup file with the executable of another application, like a freeware or shareware program. The unwanted software will be included in the installation and selected by default. You have to find where it is listed amid the terms and conditions and deselect it. Take the time to read the end user license agreement (EULA) of the software you add to your system, and never accept extra tools.

BonziBuddy Ransomware Uninstall

Method 1: Restore your encrypted files using ShadowExplorer
Usually, BonziBuddy Ransomware deletes all shadow copies stored on your computer. Luckily, the ransomware is not always able to delete them, so your first attempt should be to restore the original files from shadow copies.

  1. Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
  2. Install ShadowExplorer
  3. Open ShadowExplorer and select C: drive on the left panel
  4. Choose a date at least a month ago from the date field
  5. Navigate to the folder with encrypted files
  6. Right-click on the encrypted file
  7. Select “Export” and choose a destination for the original file

Method 2: Restore your encrypted files by using System Restore

  1. Go to Start –> All programs –> Accessories –> System tools –> System restore
  2. Click “Next”
  3. Choose a restore point, at least a month ago
  4. Click “Next”
  5. Choose Disk C: (should be selected by default)
  6. Click “Next”. Wait for a few minutes and the restore should be done.
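
Before working through Method 1 or Method 2, it helps to confirm that the snapshots they depend on still exist. The script below is an added example, not part of the original guide: it lists the surviving volume shadow copies and System Restore points and marks the ones that are at least a month old. It assumes an elevated Windows PowerShell 5.1 session (`Get-ComputerRestorePoint` is not available in PowerShell 7).

```powershell
# Added example: check what Methods 1 and 2 can actually restore from.
# Run in an elevated Windows PowerShell 5.1 session.

$cutoff = (Get-Date).AddMonths(-1)   # the guide says to pick a date at least a month ago

# Volume shadow copies: the snapshots ShadowExplorer browses (Method 1).
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
if ($shadows.Count -eq 0) {
    Write-Output 'No shadow copies found: Method 1 has nothing to restore from.'
} else {
    $shadows | Sort-Object InstallDate | ForEach-Object {
        [pscustomobject]@{
            Created      = $_.InstallDate
            Volume       = $_.VolumeName
            ShadowId     = $_.ID
            MonthOrOlder = ($_.InstallDate -le $cutoff)
        }
    } | Format-Table -AutoSize
}

# System Restore points: what Method 2 rolls back to.
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
if ($points.Count -eq 0) {
    Write-Output 'No restore points found: Method 2 has nothing to roll back to.'
} else {
    $points | ForEach-Object {
        # CreationTime is a WMI (DMTF) timestamp string; convert it to a DateTime.
        $created = $_.ConvertToDateTime($_.CreationTime)
        [pscustomobject]@{
            Created      = $created
            Sequence     = $_.SequenceNumber
            Description  = $_.Description
            MonthOrOlder = ($created -le $cutoff)
        }
    } | Sort-Object Created | Format-Table -AutoSize
}
```

If both lists come back empty, skip ahead to Method 3.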

Method 3: Restore your files using File Recovery Software
If none of the above methods work, you should try to recover the encrypted files by using file recovery software. Since BonziBuddy Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original using file recovery software. Here are a few free file recovery programs:

  1. Recuva
  2. Puran File Recovery
  3. Disk Drill
  4. Glary Undelete
