Buddy Ransomware is one of the most recent ransomware infections developed by cyber criminals. Even though, the threat is new, it still quite similar to CryptoWall and CryptoLocker ransomware programs that were reviewed before. Same as previous, Buddy ransomware can get into your computer together with game cracks, freeware programs or via spam email attachments. You may get infected by Buddy Ransomware after downloading some fake update for Flash Player or Java from malicious website. Additionally, Buddy Ransomware can be bundled to freeware programs and distributed through malicious websites and torrents. It is recommended to pay special attention during the installation of any software.
Buddy Ransomware once installed, will encrypt user’s personal files – usually it targets documents, photos, music and video files and adds .cry extension. Manually changing the extension will not decrypt file. All of the files are encrypted with unique encryption key that is generated and stored on the remote computer of cyber criminals. Most of the antiviruses will identify Buddy ransomware as “Gen:Variant.Barys.13365” or “HEUR:Trojan.Win32.Generic”. Once computer is infected user will see the message below.
“Hello Buddy! If you see this message all your important files are been crypted 🙂 What can you do? You can pay with bitcoin and wait 10 min for decryption! it’s very easy! Don’t you know how to purchase bitcoin? hxxp://localbitcoins.com it’s your place! If Antivirus block the crypt, you’ll be unable to decrypt…”
Users are threatened that all of the encrypted files will be removed if they don’t pay a ransom in amount of 0.77756467 Bitcoins (currently 292.15 USD). After paying a ransom user should get in contact with the developer of Buddy Ransomware to confirm the payment and get the key to encrypt all of his files. However, usually users are scammed and nobody gives them a key. Therefore, we advise to ignore those demanding messages and in any circumstance do not pay the ransom. By paying a ransom you are indirectly supporting cyber criminals and encouraging them to develop more threats of this kind. Also, there is no guarantee that you will get the key. Cyber criminals may get your personal information by applying social engineering when you will get in contact with them. So, the best way is to avoid contacting the malware developers.
There are two options to restore your files from Buddy Ransomware. First is to pay the ransom and hope for the key, which is in most cases will not arrive, so we do not recommend this. Second is to restore your computer from a backup or try to restore it to the previous point. However, first of all you need to remove Buddy Ransomware, otherwise it will encrypt everything once again. To get rid of Buddy ransomware simply follow our comprehensive guide, written below this article. After that, download automatic removal tool and scan your computer for additional threats and remove all of them. When you make sure that everything is clear you may restore your computer.
Symptoms of Buddy infection on your computer can be: computer crashes, unusual homepage or search engine on your browser, unwanted pop-up ads and advertising banners. We recommend to download our automatic removal tool. This removal tool has been tested for Buddy threat removal and it is easy to use.