Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

.BACKUP Ransomware

There is little doubt that .BACKUP Ransomware has corrupted your operating system if you have found the “.BACKUP” extension attached to all of your personal files. This malicious infection belongs to the group of malware that encrypts files in order to scare victims into paying ransoms for tools or keys that, allegedly, can decrypt the data. Although it has unique features, the infection is very similar to other threats from the same group. Most importantly, the ransomware can encrypt files anywhere on the disk. Unlike some threats, it does not go after specific directories; instead, it simply looks for files with specific extensions. The threat is most likely to go after photos, media files, and documents because these files are the most sensitive and valuable. Hence, you are more likely to pay for them, at least in comparison to system files, which can be easily downloaded online. Unfortunately, some people might give in, and that could be a mistake. The only recommendation we have for you is to remove .BACKUP Ransomware.

The malicious .BACKUP Ransomware is a variant of CryptoMix Ransomware. We have seen other infections that are linked to this threat, including Mole66 Ransomware, 0000 Ransomware, and Zayka Ransomware. These threats can be spread in many different ways, but our researchers report that misleading spam email attachments and vulnerable RDP connections are exploited most frequently. As soon as these infections slither in, they begin the encryption process. At this time, it is not known which encryption method .BACKUP Ransomware employs, but it is most likely to use RSA or AES encryption. After the process is complete and the extension is attached, a file named “_HELP_INSTRUCTION.TXT” is created. Although it is a file created by the ransomware, it is completely safe for you to open it. It is not a functional file, and its only purpose is to deliver the message that cyber criminals have for you. That being said, this file must be deleted during the elimination process. In fact, every single component of the malicious ransomware must be removed without exception.

The ransom note file, _HELP_INSTRUCTION.TXT, immediately informs the victim that personal data was encrypted, and then instructs them to send a special ID number to six different email addresses. These include:,,,,, and It is stated that a response would be issued right away, and while it is not said in the ransom note, we can guarantee that the response would include ransom payment instructions. Although threats that serve no real purpose exist, .BACKUP Ransomware is not one of them, and its creators built it to get your money. Victims who are not familiar with how ransomware operates and who are desperate to get their files back might be convinced that this is the only way out. Unfortunately, it is most likely that there is nothing anyone can do to help you recover personal data. To the knowledge of our malware researchers, legitimate free decryption tools cannot help you in this situation either. The only thing that can help you is file backups. Hopefully, you still have secondary access to your personal files via backups after you delete .BACKUP Ransomware.

Can you recognize malicious processes, files, and registry entries? This is the most important question to ask yourself if you are thinking about deleting .BACKUP Ransomware manually. If you do not have experience identifying malicious components, but you are sure you want to try manual removal, you need to be extremely careful. Of course, we recommend that instead of trying to catch and eliminate malware yourself, you install software that can take care of all of this automatically. A trusted anti-malware program can do a lot for you. In a situation like this, it can automatically remove .BACKUP Ransomware and other active threats. Additionally, and most importantly, it can protect your operating system against malware invasion in the future. Of course, to keep malware away, you yourself need to be more cautious. Do NOT interact with unfamiliar emails, installers, or links, and do not keep your system unguarded. To ensure this, always install all security updates in time, and set up trustworthy anti-malware software.

.BACKUP Ransomware Removal

  1. Tap keys Ctrl+Alt+Delete and click Start Task Manager.
  2. Click the Processes tab and scan the list for unfamiliar malicious processes.
  3. If you find a process you are sure belongs to ransomware, right-click it and select Open file location.
  4. End process and Delete the malicious file. Some of the potential locations of this file include:
    • %USERPROFILE%\Desktop
    • %USERPROFILE%\Downloads
    • %TEMP%
  5. Tap keys Win+E to launch Windows Explorer.
  6. Type %ALLUSERSPROFILE% into the bar at the top and tap Enter.
  7. Right-click and Delete the malicious {random name}.exe file.
  8. Tap keys Win+R to launch RUN.
  9. Type regedit.exe into the dialog box and click OK.
  10. Navigate to HKCU\SOFTWARE\Microsoft\CurrentVersion\Run.
  11. Delete the malicious {random name} value (name e.g., 00FF0EBC2F2).
  12. Empty Recycle Bin and then quickly perform a full system scan with the help of a legitimate malware scanner. Should any malicious threats be found, you must erase them right away.
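
The manual steps above can be supported by a read-only triage pass that lists what to review before anything is deleted. The PowerShell below is an added example, not part of the original guide. It assumes the standard per-user autostart key `HKCU:\Software\Microsoft\Windows\CurrentVersion\Run`, and it limits the search for ransom notes and `.BACKUP` files to the user profile, although the ransomware can encrypt files anywhere on the disk.

```powershell
# Read-only triage for the manual removal steps: lists candidates, deletes nothing.
# Assumption: the standard per-user Run key. The {random name} is unknown in advance,
# so nothing is matched by name; every entry is shown for manual review.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Steps 8-11: map each Run value to the executable path it launches.
$autoStart = @{}
if (Test-Path $runKey) {
    $key = Get-Item -Path $runKey
    foreach ($name in $key.GetValueNames()) {
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name))
        # Prefer a quoted path; otherwise take everything up to the first ".exe".
        if ($cmd -match '^\s*"([^"]+)"' -or $cmd -match '^\s*(.+?\.exe)(\s|$)') {
            $autoStart[$Matches[1].ToLower()] = $name
        }
    }
}

# Steps 1-4: image paths of running processes (empty for processes we cannot query).
$running = Get-Process | Where-Object Path | Select-Object -ExpandProperty Path

# Steps 4-7: executables sitting directly in the locations the guide names.
$dirs = @("$env:USERPROFILE\Desktop", "$env:USERPROFILE\Downloads", $env:TEMP, $env:ALLUSERSPROFILE)
$candidates = foreach ($dir in $dirs) {
    Get-ChildItem -Path $dir -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                RunValue  = $autoStart[$_.FullName.ToLower()]   # set if a Run value launches it
                Running   = ($running -contains $_.FullName)
            }
        }
}

# Files that are unsigned, recently created, running and referenced by a Run value
# deserve the closest look; the hash can be checked against a reputation service.
$candidates | Sort-Object Created -Descending | Format-List
$autoStart.GetEnumerator() | Sort-Object Value | Format-Table Value, Key -AutoSize

# Scope of the damage under the user profile: ransom notes and renamed files.
$notes = Get-ChildItem -Path $env:USERPROFILE -Recurse -Force -Filter '_HELP_INSTRUCTION.TXT' -ErrorAction SilentlyContinue
$locked = Get-ChildItem -Path $env:USERPROFILE -Recurse -Force -File -Filter '*.BACKUP' -ErrorAction SilentlyContinue
"Ransom notes: {0}   .BACKUP files: {1}" -f @($notes).Count, @($locked).Count
```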