BDKR Ransomware

BDKR Ransomware is an infection that attaches “id—[unique code].BDKR” extension to all of the files it encrypts. The bad news is that this malicious threat can encrypt lots of them. In fact, it was discovered that this piece of malware can encrypt every file on your system, unless it is stored in the %WINDIR% directory. The infection is very powerful, and if it invades your operating system, you are in big trouble. At least, right now you are. The infection is a new variant of an old infection know by the name “LockCrypt.” According to our malware research team, previous versions of this malicious threat were known to be decryptable, which means that free decryptors would be discovered or created to assist victims. A decryptor that would assist victims of the latest variant did not exist at the time of research, but you should definitely look into that if your personal files were corrupted, and you have no way of recovering them. While decryption might be the topic you are most interested in, we focus on the removal of BDKR Ransomware in this report. Even if your files were encrypted permanently, you must delete this infection.

Spam emails, malicious downloaders, and unsecure remote access channels are among the most common backdoors used for the distribution of the malicious BDKR Ransomware. After it is executed, an encryption key is created to start the encryption process. Afterward, a copy called “searchfiles.exe” – although we cannot guarantee that the name would not be changed – is created in the %WINDIR% directory. The same one that the infection does not touch. A point of execution for this file (“searchfiles”) is created in the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry. So, even if you remove the original launcher of the ransomware, you will not stop it unless you remove the copy as well! Another component created by the infection is a ransom note file called “How To Restore Files.txt.” Copies of this file are dropped everywhere, and you should delete every single one. Just like the executable file, the main TXT file has a point of execution called “unlock” in the same location. Besides encrypting files and creating new ones, BDKR Ransomware also kills launched applications. Luckily, the infection does not affect the Task Manager, and that makes it easier to terminate malicious processes and remove the infection.

The “How To Restore Files.txt” file created by BDKR Ransomware is not dangerous to open, but the message can be very dangerous. The purpose of it is to convince you that you need to obtain a “decoder card,” which you, allegedly, can do by sending a message to big_decryptor@aol.com. The ransom note tries to make you believe that your files were infected by a virus, but you would not need a decoder if that was the case, and so it is clear that your files were encrypted. Also, it is suggested that the “card” would have to be purchased with Bitcoins, and while the exact sum is not revealed, surely, it would be after you sent the email. We do not advise corresponding with cyber criminals, paying the ransom, downloading files, or doing anything else in relation to BDKR Ransomware. You do not want to be scammed even more, and if you put your money down towards the decryptor card, there is little doubt that you would not get anything in return for it. Keep it and invest it in reliable anti-malware software instead.

Manual removal of BDKR Ransomware might entice you, but you have to be smart about what you do. Even if you are able to delete the infection manually, your operating system will remain weak and vulnerable, and that is something to think about. If you decide to delete BDKR Ransomware using the guide provided by our malware experts, you want to make sure that you take appropriate steps to protect your operating system. At the end of the day, you really want to employ anti-malware software, and if you agree with us that it is time to do it, you do not need to worry about the elimination of the ransomware because the anti-malware software you download will get rid of it automatically. If files cannot be decrypted, hopefully, they can be restored from backups. If you did not back up your files before, we suggest you do that in the future to ensure that files are not lost even if your PC gets corrupted by malware again.

BDKR Ransomware Removal

1. Tap Ctrl+Alt+Delete and select Start Task Manager.
2. In the Processes tab select a process named searchfiles.exe and click End process.
3. Right-click the {random name} process named after the launcher of the infection.
4. Select Open file location.
5. In Task Manager, select the process and click End process.
6. In the file location, right-click and Delete the {random name}.exe launcher file.
7. Tap keys Win+E to launch Explorer.
8. Enter %WINDIR% into the field at the top.
9. Right-click and Delete the copy of the launcher (should be named searchfiles.exe).
10. Delete all copies of the ransom note file, How To Restore Files.txt.
11. Tap Win+R to launch RUN.
12. Type regedit.exe and click OK to launch Registry Editor.
13. Move to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\.
14. Right-click and Delete a value named searchfiles linked to the searchfiles.exe file.
15. Right-click and Delete a value named unlock linked to the How To Restore Files.txt file.
16. Exit all windows and then Empty Recycle Bin.
17. Quickly install a legitimate malware scanner and perform a full system scan.