
bDAT ransomware

What is bDAT ransomware?

bDAT ransomware is a malicious program that attempts to extort money from innocent computer users


The bDAT virus is ransomware that specifically targets people and demands money from them. Upon entry, it immediately infects the system and starts to encrypt all data using a complex encryption algorithm. Dharma (the malware family this threat belongs to) often employs AES, DES, or RSA[1] encryption algorithms, depending on the version. This results in pictures, documents, databases, videos, and any other files receiving the .bDAT extension, along with the cybercriminals’ contact email and a unique user ID.

From this point, whenever users would try to open bDAT files, they would instead receive a Windows error, which claims that the file type is not recognized, and attempts to open files with different applications would result in a failure every time. This is because a secure encryption algorithm is used, and only a precise key consisting of a long alphanumeric string would be able to unlock them.

bDAT ransomware then drops a ransom note titled info.txt, which shows a brief message with the contact email [email protected]. Users would also see a pop-up message which would include a much more detailed description of the attack. We recommend not communicating with cybercriminals and instead relying on alternative methods to restore encrypted data after eliminating the virus first.

Name: bDAT virus
Type: Ransomware, file-locking malware
File extension: .summer appended to all personal files, rendering them useless
Family: Dharma
Ransom note: info.txt
Contact: [email protected], [email protected]
File recovery: The only secure way to restore files is by using data backups. If such backups are not available or were encrypted as well, options for recovery are very limited – we provide all possible solutions below
Malware removal: After disconnecting the computer from the network and the internet, do a complete system scan using the SpyHunter 5 or Combo Cleaner security program
System fix: As soon as it is installed, malware has the potential to severely harm some system files, causing instability problems, including crashes and errors. Any such damage can be automatically repaired by using Reimage or Intego PC repair

The ransom note

The virus has its origins in the Dharma ransomware family, which made its debut in 2022. Since then, malware authors have released hundreds of variants – many of which we have written about already, including Cyberpunk, Ash, Iq20, and many others. While the variants may differ technically, their purpose remains the same – to extort money from users after encrypting their files.

Just like any other malware of this type, it makes sure that users receive relevant information about the attack once the data-locking process is complete. Thus, it immediately delivers a pop-up message, which is shown to every victim of the ransomware. It reads:

YOUR FILES ARE ENCRYPTED
cyberpunk
Don’t worry, you can return all your files!
If you want to restore them, write to the mail: [email protected] YOUR ID
If you have not answered by mail within 12 hours, write to us by another mail:[email protected]
ATTENTION!
We recommend you contact us directly to avoid overpaying agents
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

There is also a shorter version of this message, which can be viewed in a text file info.txt, and is dropped into several locations on a PC. This message only includes information about what happened to users’ files and provides contact emails.
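As an added triage example (not code from the original article), the script below walks a directory tree and summarises the two indicators described above: renamed files carrying the .bDAT extension with the victim ID and contact email embedded in the name, and the info.txt notes dropped in several locations. The exact Dharma-style name layout (`<original>.id-<8 hex>.[<email>].bDAT`) is an assumption, and the sample files and email address are constructed for the demonstration.

```python
import os
import re
import tempfile
from collections import Counter

# Assumed Dharma-style name layout: <original>.id-<8 hex chars>.[<contact email>].bDAT
DHARMA_NAME = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})\.\[(?P<email>[^\]]+)\]\.bDAT$"
)
RANSOM_NOTE = "info.txt"


def triage_tree(root):
    """Walk root and collect encrypted files, ransom notes, victim IDs and emails."""
    summary = {"encrypted": [], "notes": [], "victim_ids": Counter(), "emails": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE:
                summary["notes"].append(path)
                continue
            match = DHARMA_NAME.match(name)
            if match:
                summary["encrypted"].append(path)
                summary["victim_ids"][match.group("victim_id").upper()] += 1
                summary["emails"][match.group("email")] += 1
    return summary


def build_sample_tree():
    """Constructed sample: renamed files plus notes in two folders of a temp dir."""
    root = tempfile.mkdtemp(prefix="bdat_sample_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    samples = [
        ("report.docx.id-1A2B3C4D.[contact@example.test].bDAT", docs),
        ("photo.jpg.id-1A2B3C4D.[contact@example.test].bDAT", root),
        ("todo.txt", root),   # untouched file, must not be counted
        ("info.txt", root),   # ransom note is dropped in several locations
        ("info.txt", docs),
    ]
    for name, folder in samples:
        with open(os.path.join(folder, name), "w") as fh:
            fh.write("constructed sample content\n")
    return root


if __name__ == "__main__":
    result = triage_tree(build_sample_tree())
    print(len(result["encrypted"]), "encrypted files;", len(result["notes"]), "ransom notes")
    print("victim ids:", dict(result["victim_ids"]), "emails:", dict(result["emails"]))
```

Run against a real share or user profile, the counts and the distinct victim ID give a quick picture of how far the encryption spread before the machine was disconnected.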


Regardless of which ransom note you view, we recommend avoiding any contact with cybercriminals. They may never fulfill their promises and never contact you again, even if you’ve paid the ransom. Alternatively, they might send you a decryptor that doesn’t work, and there are no guarantees here – it’s no shop where you can return faulty products.

How to remove bDAT ransomware correctly

It’s normal to feel panicked when you can no longer access your files because ransomware has locked them, but this reaction cannot solve anything. In fact, panicking may cause victims to make more mistakes and lose even more data. To prevent additional damage, it is crucial to follow recovery steps in order.

1. Disconnect the system from the network and internet

To prevent your computer from communicating with the remote server that hackers are using to store a decryption tool and issue commands, sever its internet connection before you start recovery procedures.

2. Scan with anti-malware

Ransomware can sometimes delete itself after encrypting your files, but this doesn’t mean it’s completely gone. Other modules may still be present that could steal data or work together with other malicious programs on your device.

SpyHunter 5, Combo Cleaner, or Malwarebytes can locate and delete all ransomware-related files, additional modules, and any other malware that might be present on your system. The security software is easy to use – you don’t need any IT experience – and it has a proven record of removing malware. If the malware removal process is being disrupted, follow these instructions to access Safe Mode and perform the removal from there:

Windows 7 / Vista / XP

  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing the F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list.

Windows 10 / Windows 8

  1. Right-click on the Start button and select Settings.
  2. Scroll down to pick Update & Security.
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find the Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot.
  7. Go to Advanced options.
  8. Select Startup Settings.
  9. Click Restart.
  10. Press 5 or click 5) Enable Safe Mode with Networking.

3. Attempt to restore your files without paying

There is a common misconception that security software will automatically restore all personal files to their original state. This is untrue. The primary purpose of anti-malware software is removing infected files from the system in order to avoid any future issues, not restoring files that have been encrypted by ransomware – it’s simply a completely different mechanism.

There is also a group of victims who believe that their files have been permanently damaged by malware. While this is not impossible (wipers[2] are known to do so), most ransomware simply locks files behind a complex key, which is only accessible to cybercriminals. Without it, restoring .bDAT files may be almost impossible.

However, we recommend trying alternative methods which may be useful for some users. First off, attempt to run third-party recovery software:

Your other option is to wait for security researchers and security companies to create a free decryption tool. This usually happens when a flaw is discovered within the malware’s encryption code or when the authorities seize the servers owned by cybercriminals. Note that this may or may not happen in the future, although we recommend following these links in the search for a decryptor for bDAT ransomware:

No More Ransom Project

4. Fix system crashes and other stability issues

Malware is a complex program that circumvents in-built security and alters Windows’ behavior. Some system components may be unintentionally damaged during an infection, which can cause software or the computer itself to crash with BSODs[3] or display errors. This is more common after malware has been removed from the affected machine since antivirus software can’t repair corrupted system files caused by malware. Thus, we recommend you use an automatic solution that would remediate your system and remove any damage done by ransomware:

Reimage Intego has a free limited scanner. Reimage Intego offers a more thorough scan when you purchase its full version. When the free scanner detects issues, you can fix them using free manual repairs, or you can decide to purchase the full version in order to fix them automatically.


If you wonder how data loss can occur, you should not look any further for answers – human errors, malware attacks, hardware failures, power cuts, natural disasters, or even simple negligence. In some cases, lost files are extremely important, and many people panic outright when such an unfortunate course of events happens. Because of this, you should always prepare proper data backups on a regular basis.

If you were caught by surprise and did not have any backups to restore your files from, not everything is lost. Data Recovery Pro is one of the leading file recovery solutions you can find on the market – it is likely to restore even lost emails or data located on an external device.