BDDY Ransomware Removal Guide

Beware of BDDY Ransomware, a dangerous file-encrypting threat that wants to corrupt your childhood photos, work/school documents, media files, and other types of data that you are likely to consider personal. The infection is not at all interested in system files or applications because those can be replaced quite easily, and that is not what the attackers behind this malware want. They want to tie your hands behind your back, and that is what they are able to do by encrypting personal files. If copies of these files are stored outside the infected machine, victims do not have much to worry about besides the removal of the threat. However, if backup copies do not exist, victims might be pushed into following the attackers’ instructions, which is exceptionally risky. Can you delete BDDY Ransomware to restore the files? Unfortunately, that is not how things work, but this threat definitely must be erased.

RDP (remote desktop protocol) vulnerabilities are most likely to be exploited for the successful entrance of BDDY Ransomware, and so you have to make sure that all vulnerabilities are patched and that remote access is disabled. If it is enabled, and vulnerabilities exist, cybercriminals might have no trouble executing malware. Note that there are thousands of threats that could use such vulnerabilities, and so you need to be careful. In fact, BDDY Ransomware itself has several clones, including Matrix-NEWRAR Ransomware, Matrix-EMAN Ransomware, and Matrix-THDA Ransomware. All of these threats come from the Matrix Ransomware family. Of course, we need to look at every single threat individually. Our research has revealed that the BDDY variant uses a malicious .bat file (found in %APPDATA%) to delete shadow volume copies. This file also has a scheduled task. A .bmp file (found in %APPDATA%) dropped by the infection is used to change the Desktop wallpaper with an image that displays an intimidating message. The extended version of this message is delivered using a file named “#BDDY_README#.rtf.”

The attackers behind BDDY Ransomware use .bmp and .rtf files to inform their victims that their files were encrypted. You should always check whether or not your files were actually encrypted because there are some threats that only pose as file-encrypting ransomware. Unfortunately, this malware truly encrypts files, and besides adding the “[Buddy@criptext.com].” prefix in front of their names, it also completely renames them. The .rtf file is dropped next to them, and the message inside tells you that you need a decryptor controlled by the attackers to get your files back. The message instructs to send a message to Buddy@criptext.com, Buddy888@protonmail.com, or buddy888@tutanota.com, but it is not clear what the attackers want. In fact, victims might believe that all they need to do is send an email because the message suggests that there is nothing to worry about and that files can be restored today. Of course, that is not how things go. If you communicate with the creator of BDDY Ransomware, they demand a ransom payment in return for a decryptor, and you should not pay it unless you want to waste your money. Always remember that cybercriminals cannot be trusted.

If you cannot rely on cybercriminals to provide you with a decryptor, how can you restore your files? You cannot use a system restore point function, and free third-party decryptors did not exist when we analyzed BDDY Ransomware. That leaves you with backups. Do you have backups? Even if you only have copies of some of your files, that is better than nothing. That means that some of your files are saved and that the corrupted files on your computer can be deleted. If you want to replace the encrypted files with backups, you need to remove BDDY Ransomware first. The launcher of this malware could be anywhere, and so we cannot give you the exact instructions on how to delete it manually. This is the main obstacle that might prevent victims from eliminating this threat. The good news is that legitimate anti-malware software has no trouble identifying and removing malware components. Also, it can secure your operating system for the future! Without a doubt, this is the software we recommend installing ASAP.

How to delete BDDY Ransomware

1. Delete all copies of the #BDDY_README#.rtf file.
2. Delete the launcher of the threat (try erasing all recently downloaded files).
3. Tap Win+E keys at the same time to access Windows Explorer.
4. Enter %APPDATA% into the field at the top.
5. Delete the [random name].bmp and [random name].bat files.
6. Enter %WINDIR%\System32\Tasks\ into the field at the top.
7. Delete the [random name] task that belongs to ransomware.
8. Exit Windows Explorer and then Empty Recycle Bin.
9. Install and run a trusted malware scanner to inspect the system for leftovers.