Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Banta Ransomware

Banta Ransomware is a Windows infection that is meant to corrupt your personal files and then make you pay money to get them decrypted. Unfortunately, cyber criminals cannot be forced to provide you with a decryptor, and so paying money for it is extremely risky. Our research team does not recommend wasting your money, but since files cannot be decrypted manually or using third-party tools, you might be out of options. What about backups? Do you have copies of your personal files stored outside your operating system, on external or cloud drives? If you have, there is nothing else to think about. First, remove Banta Ransomware from your operating system to ensure that this dangerous infection can no longer cause problems. Next, check your backups, and, if you need to, transfer the copies to replace the corrupted files. If you want to learn more about this malicious infection, or if you need help deleting it, we suggest that you continue reading.

According to our malware research team, Banta Ransomware is a new variant of Phobos Ransomware. This malware is a copycat of the infamous Dharma Ransomware, but the .NET language is different, and the code is obfuscated. To spread this malicious infection, the attackers behind it are likely to employ spam emails, misleading downloaders, or remote access vulnerabilities. After successful infiltration, Banta Ransomware starts encrypting files right away. It seems that it encrypts files in very specific locations, which include the %APPDATA%, %HOMEDRIVE%, %PROGRAMFILES%, and %USERPROFILE% directories. Unfortunately, all different kinds of files are encrypted, except for .com files. If your personal photos, important documents, or other personal content are stored in these locations, they are encrypted, and the “.id[code].[bytens@cock.li].banta” extension is added to their names. Although it is possible to delete this extension, this action does not change the data within the files back to normal, and that is what you need to have your files readable again. Sadly, removing the infection itself cannot help with that, and, at the time of research, third-party tools could not help either.

After encryption, you should find a file named “info.txt” created on the Desktop. This file contains a message that instructs you to email bytens@cock.li or backuping@protonmail.com to get started with the decryption. Obviously, if you make this move, you will not be provided with a decryptor. Instead, you will be asked to pay the ransom for it. Banta Ransomware should also launch a window titled “encrypted,” which also displays a message. It instructs you to send a message to the same email addresses, but it also reveals that a ransom in Bitcoin would have to be paid in return for a decryptor. The attackers offer to decrypt 5 files for free, but note that this does not mean that you would get a decryptor after paying the ransom. The message also includes instructions on how to obtain Bitcoins, as well as warnings about renaming files and using third-party decryption tools. Even if you have no other option, following the instructions of cyber criminals is not recommended because they cannot be trusted. If you choose to take a gamble, do so at your own risk.

While we cannot help you restore your files, we can help you delete Banta Ransomware. Of course, we cannot guarantee that every victim will be able to remove this malicious threat manually, and that is because the location and name of its launcher depend on how it is dropped. The guide below lists a few common locations that you should check for recently downloaded suspicious files. If you are unable to remove Banta Ransomware yourself, we suggest installing an anti-malware program that will be able to do it automatically. At the same time, it will also reinforce your system’s security, and that will prevent new threats from slithering in without your notice. While you might be most concerned with the removal of existing threats and the recovery of the corrupted files right now, you must not forget about your system’s protection because there are thousands of malicious threats waiting in line to attack you, your virtual security, and, of course, your files. To add another layer of protection for your files, always create backups.

Banta Ransomware Removal

  1. Tap Win+E keys to access Windows Explorer.
  2. Use the quick access field at the top to access these directories one by one:
    • %TEMP%
    • %USERPROFILE%\Desktop
    • %USERPROFILE%\Downloads
  3. If you find suspicious files, right-click and Delete them.
  4. Move to the Desktop and Delete the ransom note file named info.txt.
  5. Empty Recycle Bin.
  6. Install a malware scanner to inspect your system and check if malicious threats remain active.
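
The checks in the guide above can be gathered in one read-only pass before anything is deleted. The PowerShell below is an added example, not a tool from this site: it lists recently created files in the three directories from the guide, counts files carrying the extension described earlier, and reports whether the ransom note is present. The 7-day window and all variable names are assumptions; the format of the "code" part of the extension is not documented on this page, so any bracketed value is matched.

```powershell
# Added example: read-only triage for the indicators described on this page.
# Nothing is deleted; review the output before removing files by hand.

# Extension given on the page: .id[code].[bytens@cock.li].banta
# The shape of "code" is not documented, so any bracketed value is accepted.
$bantaPattern = '\.id\[[^\]]+\]\.\[bytens@cock\.li\]\.banta$'

# Directories named in the removal guide.
$dropDirs = @(
    $env:TEMP,
    (Join-Path $env:USERPROFILE 'Desktop'),
    (Join-Path $env:USERPROFILE 'Downloads')
)

# Assumption: the infection happened within the last 7 days; adjust as needed.
$since = (Get-Date).AddDays(-7)

# 1. Recently created files that are NOT encrypted output: launcher candidates.
$candidates = foreach ($dir in $dropDirs) {
    if (Test-Path -LiteralPath $dir) {
        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -ge $since -and $_.Name -notmatch $bantaPattern }
    }
}
$candidates |
    Sort-Object CreationTime -Descending |
    Select-Object FullName, CreationTime, Length,
        @{ Name = 'SHA256'; Expression = {
            (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } } |
    Format-List

# 2. Scope of the damage: encrypted files under the user profile, per folder.
$encrypted = Get-ChildItem -LiteralPath $env:USERPROFILE -File -Recurse -Force `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $bantaPattern }
$encrypted | Group-Object DirectoryName |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 20 |
    Format-Table -AutoSize
"Encrypted files found: $(@($encrypted).Count)"

# 3. Ransom note on the Desktop, as described on the page.
$note = Join-Path $env:USERPROFILE 'Desktop\info.txt'
if (Test-Path -LiteralPath $note) { "Ransom note present: $note" }
else { "Ransom note not found at: $note" }
```

The SHA256 values let you look up a candidate file with a malware scanner or reputation service before deleting it, and the per-folder counts show which backups need to be restored.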