BBC is a file-encrypting malware that belongs to the family of Phobos Ransomware. 

As ransomware, it targets important files stored on the infected system. It runs an encryption routine that locks each file with a unique encryption key, and then demands a ransom fee in exchange for the decryption tool. Users infected with BBC ransomware will therefore find their files renamed to a distinctive pattern.

That pattern is {original filename + unique ID for each victim + contact email address of the attackers + “.bbc” extension}. On completion of the encryption process, it creates a ransom note to inform users about the attack and how they can recover their files.

BBC Ransomware Description

Name: BBC ransomware
Type: Ransomware, file-encrypting malware
Risk level: High
Description: BBC is a ransomware program that encrypts files, photos, videos and other important documents on the target system with a unique key. If users want to recover their files, they have to pay the ransom.
Occurrence: Opening spam email attachments, visiting suspicious pages and clicking on malicious links, browser redirection to questionable sites, or via other Trojans.
Symptoms: Restricted access to most of the files on the system, change in desktop wallpaper, ransom message.
Extension: .bbc, along with a unique ID for the victim and the email address of the extortionist
Ransom Note: info.hta and info.txt
Ransom Demanded: ????
Email or contact: 0x1service@protonmail.com and 0x1service@airmail.cc

Method Of Propagation

The malicious payload of the virus is distributed via spam emails. The emails are disguised as invoices, faxes, job offers, or messages from senior officials of the company. Given the COVID-19 crisis, it may also spread through spam emails that claim to carry the latest information about the pandemic, to trick users into opening them.

Once the user opens the infected attachment, the macro-enabled document automatically starts running its macros. These download the malicious files and install them on the system.

Besides that, there are other sources too: for instance, downloading pirated software, security flaws in installed software, fake updates, and exploit kits. Any of these can be responsible for infecting your system with BBC Ransomware.

The Encryption Process

When active on the system, it runs an encryption algorithm to lock the files with a unique key. The files include all types of documents, photos, videos, and apps on the system. The aim is to demand a ransom in exchange for the decryption key held by the authors of the threat. After encryption, the files carry the “.bbc” extension; the full naming pattern is {original filename + unique ID for each victim + contact email address of the attackers + “.bbc” extension}.

For example, a file named “home.jpg” would appear as “home.jpg.id[1B896B00-5382].[0x1service@protonmail.com].bbc”. All affected files are renamed in the same way and are no longer accessible. After completing the encryption, it generates a ransom note containing the contact details of the authors along with the unique ID for the victim.
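
The naming pattern above can be used to inventory affected files before any cleanup. The following is an added example, not part of the original article: it parses renamed files back into original name, victim ID and contact address, and lists ransom notes under a folder without modifying anything. The regular expression is inferred from the single sample filename on this page, and the function names are illustrative.

```python
import os
import re
from collections import Counter

# Pattern inferred from the one sample on this page:
#   home.jpg.id[1B896B00-5382].[0x1service@protonmail.com].bbc
# Assumption: the ID and e-mail fields are matched permissively (anything
# inside the brackets), because the page shows only a single example.
RENAMED = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[^\]]+)\]"
    r"\.\[(?P<email>[^\]]+)\]\.bbc$",
    re.IGNORECASE,
)
# Ransom note names given on this page. "info.txt" is a common filename,
# so treat a hit as a lead to review, not as proof of infection.
NOTE_NAMES = {"info.hta", "info.txt"}


def parse_renamed(filename):
    """Return (original, victim_id, email), or None if the name does not match."""
    m = RENAMED.match(filename)
    if m is None:
        return None
    return m.group("original"), m.group("victim_id"), m.group("email")


def inventory(root):
    """Walk root read-only and report renamed files, notes and victim IDs."""
    affected, notes, ids = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_renamed(name)
            if parsed:
                affected.append((os.path.join(dirpath, name), parsed[0]))
                ids[parsed[1]] += 1
            elif name.lower() in NOTE_NAMES:
                notes.append(os.path.join(dirpath, name))
    return {"affected": affected, "notes": notes, "victim_ids": dict(ids)}


if __name__ == "__main__":
    import sys
    report = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(report['affected'])} renamed files, "
          f"{len(report['notes'])} ransom notes")
    for vid, count in report["victim_ids"].items():
        print(f"victim ID {vid}: {count} files")
```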

The Ransom Note

After the encryption is completed, the ransomware creates a ransom note to inform users about the encryption and how they can recover their files. Two ransom notes, “info.hta” and “info.txt”, are created; they can be found in each folder where encryption occurred and on the desktop.

The Text within the Ransom Note “info.hta” is:

All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail 0x1service@protonmail.com
Write this ID in the title of your message –

In case of no answer in 24 hours write us to this e-mail:0x1service@airmail.cc
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.

Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Text within the info.txt is: 

!!!All of your files are encrypted!!!
To decrypt them send e-mail to this address: 0x1service@protonmail.com.
If we don’t answer in 24h., send e-mail to this address: 0x1service@airmail.cc 

Here are a few points drawn from the ransom note:

  • According to the note, the files on the target system are encrypted due to some security problem on the system;
  • To restore the files, the authors provide an email address, 0x1service@protonmail.com. Victims need to write their unique ID as the title of the email;
  • The amount is not specified, but users need to pay in Bitcoins. Also, the sooner users respond, the less they will have to pay;
  • The note further says users can send 5 encrypted files, which should not be above 4 MB, to the provided email address. These files will be decrypted for free, after which users will need to pay the full amount in order to free the files.

How To Remove BBC Ransomware virus Without Paying Ransom

Security experts never recommend paying the ransom, as there is no guarantee that the extortionists will provide a full decryption key even after payment. Besides that, paying the ransom encourages such crimes and lets the attackers profit by illegal means. Thus, you should remove the BBC ransomware threat and try out the other recovery methods given below. It is better to keep a safe backup of all your important files to guard against such threats. Before starting the removal, you should keep a copy of the encrypted files along with the ransom note on a separate flash drive.

Method 1: Remove BBC Ransomware Virus Using Safe Mode With Networking.

In this guide, you will find removal instructions for the BBC Ransomware virus, both manual and using an anti-malware tool. However, manual removal of ransomware threats is nearly impossible, so it is better to run a scan with an anti-ransomware/malware tool to remove the virus.

At times, the virus does not allow the installation or scanning of an anti-virus program, so you need to switch to “Safe Mode with Networking”. After that, you can try to recover your data from a backup if you have one, or use the methods we have listed, which may help you recover some of your data.

For Windows XP and 7:

  1. Click on the “Start” menu, then click the arrow next to “Shut Down”. Select Restart (just as you normally restart your PC).
  2. Once the computer screen is powered on, immediately start tapping the “F8” key until you see the “Advanced Boot Options” screen. If you don’t reach the boot screen, restart the process and press F8 while the PC is restarting.
  3. Here, choose the “Safe Mode with Networking” option and press the “Enter” key, since you will need to access the internet later on.
  4. You will now see the login screen. Log in with your Administrator account.

NOTE: To get back to your normal Windows configuration, you need to repeat steps 1-3 and select Start Windows Normally.

  1. For Windows 10: Click Start –> Power, then hold the Shift key on your keyboard and click Restart.
  2. For Windows 8/8.1: Press “Windows key + C”, and then click “Settings”. Click “Power”, hold down the Shift key on your keyboard and then click “Restart”.
  3. From here, the steps are the same for Windows 10 and 8.
  4. Click Troubleshoot.
  5. Click Advanced options.
  6. Click Startup Settings.
  7. Click Restart.
  8. After your computer restarts, select Safe Mode with Networking.
  9. Enter your Administrator username and password to start Windows in Safe Mode with Networking.

NOTE: To get back to the normal Windows configuration, click Start –> Power and then click Restart.

Now download the anti-malware program to detect and remove BBC Ransomware.


Use HitmanPro.Alert To Remove BBC Ransomware (Recommended)

HitmanPro.Alert is an advanced anti-malware program with anti-ransomware features that help detect encrypted files and the presence of any ransomware threats. Running HitmanPro.Alert on your computer provides real-time status, checks browser integrity, and alerts you to any suspicious activity, so that you can browse and make online transactions safely. Read the full review of HitmanPro.Alert here.

Steps To Install And Run HitmanPro.Alert

  • Click on the provided link to download the HitmanPro.Alert anti-malware;
  • Now, open the download folder to locate “hmpalert3”;
  • Click on it to begin the installation;
  • If User Account Control prompts you, click “Yes”. The download should begin shortly. The HitmanPro.Alert window will appear, where you need to choose the options:
  • Choose Protection level as Maximum;
  • Tick the other boxes and finally click on “Install”;
  • HitmanPro.Alert only takes 5MB of your memory and is very quick to install;
  • After the installation is complete, the scan will start. The first scan may take some minutes, as it scans the whole computer;
  • When the scan results appear, look carefully down the list. You can see here that the scan has found 1 Riskware and thousands of traces which can be risky;
  • You can select a threat to delete, quarantine, ignore, or mark as safe. If you want to remove all the threats, simply click on the “Next” button below;
  • HitmanPro.Alert first creates a restore point and then starts the removal process. This helps to recover from any damage.

So, by performing the above steps, you can get rid of BBC Ransomware.


Method 2: Remove BBC Ransomware virus using System Restore Procedure

Another method is a manual way to get rid of ransomware, through System Restore. If you don’t know much about this process, then read here. Click here to perform System Restore in Windows OS.

Safe Mode with Command Prompt (follow the above steps and choose the Safe Mode with Command Prompt option from boot settings)

To Reboot your computer to “Safe Mode with Command Prompt”

Windows 7 / Vista / XP

  • Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
  • Now select Troubleshoot –> Advanced options –> Startup Settings and finally press Restart.
  • Once your computer becomes active, select “Enable Safe Mode with Command Prompt” in Startup Settings window.

Windows 10 / Windows 8

  • Click Start –> Restart –> OK.
  • When your computer becomes active, start pressing “F8” multiple times until you see the Advanced Boot Options window.
  • Select Command Prompt from the list.

To Restore your system to default settings as it was prior to the attack of BBC Ransomware

  1. Once the Command Prompt window appears, type “cd restore” and press Enter.
  2. Now type “rstrui.exe” and press Enter.
  3. A new window will appear. Click on “Next” and select a restore point that is prior to the attack of the BBC threat, or any other point you want. Click on “Next”.
  4. Now click on “Yes” to confirm the system restore.

Once the system restore to your selected date is done, restart your computer normally.

You should then download an effective anti-virus program and scan your computer to ensure successful removal of any threat.


How to Restore the Encrypted Files by BBC Ransomware?

Here is a separate article that guides users through various methods to recover their encrypted files. The ransomware makes sure the files may not be unlocked by other tools, but you should still try them out.

Click here to learn how you can restore the encrypted files.
