Ransomware threats are some of the sneakiest forms of computer malware that you may encounter online. These threats have the ability to apply secret encryption to all of your files and ask you to pay a ransom if you want to decrypt them. Usually, it is very difficult to crack the applied encryption and bring the locked data back if you do not have the corresponding access key. The following article is dedicated to a newly released Ransomware virus named Brusaf, which is a new representative of this file-encrypting Ransomware sub-category.
The .Brusaf virus
Our “How to remove” team has been contacted with a call for assistance by some of our site visitors, who have had the misfortune of becoming victims of this malicious cryptovirus. And indeed, dealing with Ransomware is usually very hard. Moreover, the consequences of its attack can be very unpleasant, especially if the encrypted files are of great importance to you. Still, we may be able to offer you some guidelines on how to deal with Brusaf in a fast and reliable manner. In the next lines, there is a manual removal guide created to help all victims of Brusaf get rid of it. Detecting the Ransomware is really important because, otherwise, you cannot use your computer as a location for storing new data. Nevertheless, eliminating the virus may not automatically reverse the encryption applied to the targeted files. Therefore, for such cases, in the removal guide below, you will find separate instructions in a special file-recovery section, which are published to help the victims potentially get back some of their most valuable files.
.Brusaf file encryption solutions
The most common question we get asked by victims of Ransomware is “What are the options?”. The most obvious one is to pay the ransom, which is exactly what the hackers want you to do. And that will basically be funding their criminal blackmailing scheme. The crooks want the victims to pay them in Bitcoins or some other cryptocurrency, which guarantees their identities will remain anonymous. But if you agree to pay the ransom, then you will be at the mercy of the hackers, which isn’t ideal for you. The reason is that many victims never receive the decryption solution needed for accessing their files, even after they have carefully completed all ransom payment instructions. And many more obtain a decryption key that is utterly ineffective. Therefore, most security experts do not advise the victims of Ransomware to send their money to the hackers with the hope that the latter will help them.
Unfortunately, we must say the other alternatives for coping with the effects of Brusaf, Masok, Prandel on your machine aren’t that many. Plus, they may not always be very effective. But, still, they can at least help you save the money you would otherwise lose by paying the ransom. You can start by removing the computer virus with the help of the guide below. Then, once you have removed the Ransomware, you can head over to the file-recovery section and try the suggestions there. They may work differently on different systems, or might not work at all in certain cases. Still, there is no way of knowing until you actually try.
| Danger Level | High (Brusaf Ransomware encrypts all types of files) |
| Symptoms | Brusaf Ransomware is hard to detect and aside from increased use of RAM and CPU, there would barely be any other visible red flags. |
| Distribution Method | Most of the time, Trojans get distributed through spam e-mails and social network messages, malicious ads, shady and pirated downloads, questionable torrents and other similar methods. |
Remove Brusaf Ransomware
Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.
2: Task Manager
Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on your PC.
If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.
Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.
3: IP related to Brusaf
Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.
Find where it says Localhost and take a look below that.
If you see any IP addresses there (below Localhost), send them to us here in the comments, since they might be coming from Brusaf.
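The hosts-file check in this step can also be scripted. The following is an added example, not part of the original guide: it lists every active mapping other than the default localhost entries, which is what the step asks you to look for. The sample file contents, addresses and host names are constructed for illustration, and the function name `audit_hosts` is hypothetical.

```python
import ipaddress
from pathlib import Path

HOSTS_PATH = Path(r"C:\Windows\System32\drivers\etc\hosts")
DEFAULT_NAMES = {"localhost"}  # the only name a clean hosts file maps to loopback

# Constructed sample (documentation addresses and example domains only).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost
127.0.0.1       localhost
203.0.113.10    update.example.com   # constructed entry
0.0.0.0         av-vendor.example www.av-vendor.example
"""

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for each active non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments, full-line or trailing
        if not entry:
            continue
        fields = entry.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, " ".join(names), "malformed address"))
            continue
        for name in names:  # one line may map several names to the same address
            if ip.is_loopback and name.lower() in DEFAULT_NAMES:
                continue
            if ip.is_loopback or ip.is_unspecified:
                reason = "name sinkholed to local machine"
            else:
                reason = "name redirected to another address"
            findings.append((line_no, ip_text, name, reason))
    return findings

if __name__ == "__main__":
    # Read the real file on Windows; fall back to the constructed sample elsewhere.
    if HOSTS_PATH.exists():
        text = HOSTS_PATH.read_text(encoding="utf-8-sig", errors="replace")
    else:
        text = SAMPLE_HOSTS
    for line_no, ip, name, reason in audit_hosts(text):
        print(f"line {line_no}: {ip} -> {name} ({reason})")
```

An empty result means the file contains only comments and the default localhost mappings.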
4: Disable Startup programs
Re-open the Start Menu and type msconfig.
Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10, it will send you to the Startup part of the Task Manager instead.
If you see any sketchy or shady-looking entries in the list, with an unknown manufacturer or a manufacturer name that looks suspicious, there could be a link between them and Brusaf. Disable those programs and select OK.
5: Registry Editor
Press Windows key + R and in the resulting window type regedit.
Now, press Ctrl + F and type the name of the virus.
Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.
6: Deleting potentially malicious data – Brusaf
Type each of the following locations in the Windows search box and hit enter to open the locations:
Delete everything you see in Temp linked to Brusaf Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.
7: Brusaf Decryption
The previous steps were all aimed at removing the Brusaf Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.