Banjo Ransomware Removal Guide

Have you done absolutely everything to protect your Windows system against Banjo Ransomware? If you have not, but this malware has not invaded the system yet, we suggest that you immediately create copies of all important files and store them away. Also, you must implement reliable security software to help you guard the system against silent and clandestine invaders. Furthermore, you need to be vigilant about any random pop-ups, installers, and spam emails you could be exposed to. Finally, update your system and the installed software because unpatched vulnerabilities can open up security backdoors. If your system has been invaded already, you must not forget about these security measures. First, of course, you want to delete Banjo Ransomware. Hopefully, this report answers the most important questions about the threat and its removal, but note that you can always add additional questions to the comments section.

You might not know how Banjo Ransomware slithered into your operating system because the attackers behind this malware need it to slither in silently. Only if it is not caught and deleted right away can this threat encrypt files without disturbance. Unfortunately, it encrypts all personal files. That means that your documents, pictures, media files, and other content becomes unreadable. During encryption, the data of your files is changed, and that is how cybercriminals are able to attack you without actually removing the files. Unfortunately, once they are encrypted, they are as good as removed. You cannot decrypt them yourself, and there is no free, legitimate decryptor that would do the job for you. Does that mean that you must rely on cybercriminals to provide you with a working decryptor? We hope that you know better than to do that. Of course, if you cannot decrypt files, and if you cannot replace them with backup copies either, you might see no other option but to pay attention to the attackers’ demands.

The demands of the attacker behind Banjo Ransomware are made in two ways, using the “Info.hta” and “info.txt” files. This is not at all surprising because the same files are used by Calix Ransomware, Devil Ransomware, and most other variants of the infamous Phobos Ransomware. This is the infection that Banjo Ransomware and its clones were modeled after. The “Info.hta” file is set to launch a window, and the “info.txt” file must be opened to see the text inside. The latter file does not offer a lot of information, while the first one represents a more extensive message. The point of both of these files is to convince the victim of the infection that they must contact the attackers. They are instructed to do that via Telegram (@krasume) or email (mutud@airmail.cc or krasume@tutanota.com). Without a doubt, we do not recommend contacting them in any way. If you do, they will demand a ransom payment in return for a decryptor, but if you pay the ransom, you will not get a decryptor. This is why we do not believe that it is possible to decrypt the files with the “.id[{unique id}].[mutud@airmail.cc].banjo” extension attached to their names.

If you know your Windows system pretty well, perhaps you can follow the instructions below and remove Banjo Ransomware manually. However, this is not a task for inexperienced users. If you are going to follow the guide below anyway, do so at your own risk. Of course, experienced users are likely to implement anti-malware software because they understand that there is no time to muck about with ransomware. Also, if your system was infected, that also means that you need to strengthen your system’s protection. You can do that with the help of anti-malware software as well, given that it was built to secure systems. Once you confirm that all threats have been deleted, and your system is secured, you can replace the corrupted files with backups. Hopefully, you have backup copies stored somewhere outside the infected computer.

How to delete Banjo Ransomware

1. Delete the ransom note file, info.txt.
2. Open the File Explorer by tapping Win+E keys.
3. Enter these paths into the quick access field to find and Delete the Info.htafile:
   • %HOMEDRIVE%
   • %USERPROFILE%\Desktop\
4. Enter these paths into the quick access field to find and Delete the {unique name}.exefile:
   • %LOCALAPPDATA%
   • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
   • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
   • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
5. Open Run by tapping Win+R keys and enter regedit into the dialog box.
6. In Registry Editor, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
7. Delete the value with a random name if you can link it to the ransomware.
8. Go to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and repeat step 7.
9. Empty Recycle Bin and then immediately scan your system for leftovers using a trusted malware scanner.