If your personal files does not open normally, their names modified or .[Admin@decryption.biz].bkpx added at the end of their name then your machine is infected with a new Admin@decryption.biz Bkpx ransomware from a family of file-encrypting ransomware. Once started, it have encrypted all documents, photos and music stored on a PC drives and attached network drives.
Once installed, the Admin@decryption.biz Bkpx ransomware ransomware virus will scan the computer for some file types and encrypt them. It will encrypt almost of files, including:
.pptx, .zip, .xlsm, .xxx, .sis, .vfs0, .sid, .bik, .xdb, .bsa, .ztmp, .dbf, .itdb, .wdp, .bar, .zip, .w3x, .3dm, .slm, .mcmeta, .ysp, .wp6, .xy3, .mddata, .z3d, .txt, .sidd, .mdbackup, .wsh, .3ds, .xlsm, .mp4, .wma, .vdf, .wmo, .xld, .m2, .p12, .wpw, .d3dbsp, .xls, .wmv, .cer, .wri, .r3d, .gho, .wm, .map, .wav, .rgss3a, .sie, .xls, .accdb, .z, .bkf, .der, .big, .sav, .arch00, .rw2, .wmd, .x, .xx, .kdc, .wpa, .forge, .xwp, .hkdb, .docx, .jpeg, .bkp, .dmp, .itm, .wpg, .xmmap, .wbk, .apk, .m4a, .syncdb, .wma, .cas, .iwd, .menu, .ai, .fsh, .dcr, .mlx, .rar, .odp, .1, .hkx, .ff, .dwg, .avi, .png, .ybk, .wdb, .0, .wpl, .qic, .odc, .pptm, .wp5, .blob, .t12, .erf, .wpt, .vtf, .wp, .odt, .zif, .kdb, .wmf, .wsd, .rwl, .zdb, .raw, .mdb, .crt, .wbm, .srw, .x3d, .pkpass, .itl, .webdoc, .xdl, .wps, .xbdoc, .re4, wallet, .rim, .rb, .xpm, .yml, .hplg, .vpp_pc, .x3f, .gdb, .ibank, .desc, .psk, .hvpl, .cfr, .rtf, .wn, .wp7, .xyw, .xlsb, .mdf, .wb2, .cr2, .db0, .x3f, .pem, .lrf, .xll, .docm, .mef, .ppt, .zi, .pak, .yal, .xlk, .upk, .webp, .srf, .icxs, .mrwref, .ntl, .sql, .crw, .qdf, .snx, .layout, .kf, .dba, .wps, .dxg, .tax, .indd, .wmv, .pdd, .lbf, .wcf, .xar, .sum, .raf, .epk, .zabw, .litemod, .pst, .iwi, .ptx, .wire, .xf, .y, .xyp, .svg, .mov, .wbc, .nrw, .das, .xmind, .css, .bc7, .bay, .psd, .fpk, .tor, .7z, .2bp, .jpg, .js, .vpk, .xlsx, .wbmp, .rofl, .orf, .pdf, .dazip, .sb, .m3u, .cdr, .wot, .eps, .wpb, .sr2, .wsc, .p7c, .pfx, .py, .xml, .odb, .wpd, .3fr, .fos
When encrypting a file it will add the .[Admin@decryption.biz].bkpx extension to each encrypted file name to identify that the file has been encrypted.
For example, a file called sample.doc
would be encrypted and renamed to sample.doc.id-USERID.[Admin@decryption.biz].bkpx
.
Once the process is finished, it will create a file called ‘FILES ENCRYPTED.txt’ with ransom instructions. It includes instructions on how to purchase a private key to decrypt all personal files. You can see an one of the variants of the ransomnote below:
All your files have been encrypted! All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail Admin@decryption.biz Write this ID in the title of your message USERID In case of no answer in 24 hours write us to these e-mails: Admin@decryption.biz You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. Free decryption as guarantee Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) How to obtain Bitcoins The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price. hxxps://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/ Attention! Do not rename encrypted files. Do not try to decrypt your data using third party software, it may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam
Unfortunately, at this time, victims of the Admin@decryption.biz Bkpx ransomware cannot decrypt encrypted documents, photos and music without the actual encryption key. But you can use our instructions below to scan for and delete the Bkpx ransomware virus from your PC as well as recover encrypted documents, photos and music for free.
Table of contents
- How to decrypt .[Admin@decryption.biz].bkpx files
- How to remove Admin@decryption.biz Bkpx ransomware virus
- How to restore .bkpx files
- How to protect your computer from Admin@decryption.biz Bkpx ransomware
How to decrypt .[Admin@decryption.biz].bkpx files
Currently there is no available solution to decrypt .bkpx files, but you have a chance to recover encrypted photos, documents and music for free. The ransomware virus uses strong encryption method. What does it mean to decrypt the files is impossible without the private key. Use a “brute forcing” is also not a way because of the big length of the key. Therefore, unfortunately, the only payment to the authors of the Bkpx ransomware entire amount requested – the only method to try to get the decryption key and decrypt all your files.
There is absolutely no guarantee that after pay a ransom to the makers of the Admin@decryption.biz Bkpx ransomware virus, they will provide the necessary key to decrypt your files. In addition, you must understand that paying money to the cyber criminals, you are encouraging them to create a new ransomware.
How to remove Admin@decryption.biz Bkpx ransomware virus
Even if you’ve the up-to-date classic antivirus installed, and you have checked your system for ransomware infections and removed anything found, you need to do the guide below. The Admin@decryption.biz Bkpx ransomware virus removal is not simple as installing another antivirus. Classic antivirus applications are not created to run together and will conflict with each other, or possibly crash Microsoft Windows. Instead we suggest complete the steps below and use Zemana Anti-malware, Malwarebytes or Kaspersky Virus Removal Tool, which are free apps dedicated to scan for and remove malware like the Admin@decryption.biz Bkpx ransomware virus. Use these utilities to ensure the ransomware virus is removed.
Get rid of Admin@decryption.biz Bkpx ransomware virus with Zemana Anti-malware
You can delete Admin@decryption.biz Bkpx ransomware virus automatically with a help of Zemana Anti-malware. We suggest this malware removal utility because it can easily delete ransomware viruss, potentially unwanted applications, ad-supported software and toolbars with all their components such as folders, files and registry entries.
Visit the page linked below to download the latest version of Zemana Anti-Malware for MS Windows. Save it to your Desktop.
164107 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
When the download is finished, close all software and windows on your PC system. Open a directory in which you saved it. Double-click on the icon that’s named Zemana.AntiMalware.Setup as shown in the figure below.
When the installation begins, you will see the “Setup wizard” which will help you install Zemana AntiMalware on your computer.
Once installation is finished, you will see window as shown below.
Now click the “Scan” button to perform a system scan with this utility for the Admin@decryption.biz Bkpx ransomware virus and other malware and potentially unwanted software. This procedure can take some time, so please be patient. When a malicious software, ad-supported software or PUPs are detected, the count of the security threats will change accordingly.
When the system scan is complete, a list of all threats detected is prepared. You may remove items (move to Quarantine) by simply click “Next” button.
The Zemana AntiMalware (ZAM) will remove Admin@decryption.biz Bkpx ransomware virus and other malicious software and PUPs and add items to the Quarantine.
Use MalwareBytes AntiMalware (MBAM) to remove Admin@decryption.biz Bkpx ransomware virus
If you’re having issues with the Admin@decryption.biz Bkpx ransomware removal, then download MalwareBytes Anti-Malware. It’s free for home use, and identifies and removes various unwanted programs that attacks your computer or degrades personal computer performance. MalwareBytes Anti-Malware (MBAM) can get rid of ad supported software, potentially unwanted software as well as malware, including ransomware and trojans.
- Click the following link to download MalwareBytes. Save it directly to your Windows Desktop.
Malwarebytes Anti-malware
326460 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
- At the download page, click on the Download button. Your browser will open the “Save as” dialog box. Please save it onto your Windows desktop.
- Once the downloading process is done, please close all programs and open windows on your machine. Double-click on the icon that’s called mb3-setup.
- This will run the “Setup wizard” of MalwareBytes onto your system. Follow the prompts and do not make any changes to default settings.
- When the Setup wizard has finished installing, the MalwareBytes will run and show the main window.
- Further, click the “Scan Now” button for scanning your PC system for the Admin@decryption.biz Bkpx ransomware virus and other kinds of potential threats like malware and potentially unwanted apps.
- When the system scan is finished, you can check all threats found on your computer.
- Review the scan results and then click the “Quarantine Selected” button. After the cleaning process is complete, you may be prompted to reboot the PC.
- Close the Anti-Malware and continue with the next step.
Video instruction, which reveals in detail the steps above.
If the problem with Admin@decryption.biz Bkpx ransomware virus is still remained
If MalwareBytes antimalware or Zemana anti-malware cannot remove this ransomware virus, then we recommends to run the KVRT. KVRT is a free removal utility for viruses, ransomware, ad supported software, potentially unwanted software and toolbars.
Download Kaspersky virus removal tool (KVRT) from the following link. Save it on your Desktop.
129082 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
After the download is done, double-click on the Kaspersky virus removal tool icon. Once initialization procedure is finished, you will see the Kaspersky virus removal tool screen as displayed below.
Click Change Parameters and set a check near all your drives. Press OK to close the Parameters window. Next click Start scan button to perform a system scan with this utility for the Admin@decryption.biz Bkpx ransomware virus and other trojans and malicious programs. Depending on your personal computer, the scan can take anywhere from a few minutes to close to an hour. When a threat is found, the number of the security threats will change accordingly.
After finished, KVRT will show you the results as on the image below.
When you are ready, click on Continue to start a cleaning process.
How to restore .bkpx file
In some cases, you can recover files encrypted by Admin@decryption.biz Bkpx ransomware. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted documents, photos and music.
Use ShadowExplorer to recover .[Admin@decryption.biz].bkpx files
In order to recover .[Admin@decryption.biz].bkpx photos, documents and music encrypted by the Admin@decryption.biz Bkpx ransomware virus from Shadow Volume Copies you can run a utility called ShadowExplorer. We suggest to use this solution as it is easier to find and recover the previous versions of the encrypted files you need in an easy-to-use interface.
ShadowExplorer can be downloaded from the following link. Save it directly to your Windows Desktop.
438809 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019
After the download is finished, extract the downloaded file to a directory on your PC. This will create the necessary files as shown on the image below.
Launch the ShadowExplorerPortable program. Now choose the date (2) that you wish to restore from and the drive (1) you wish to restore files (folders) from like below.
On right panel navigate to the file (folder) you want to restore. Right-click to the file or folder and press the Export button as shown below.
And finally, specify a directory (your Desktop) to save the shadow copy of encrypted file and press ‘OK’ button.
Use PhotoRec to restore .[Admin@decryption.biz].bkpx files
Before a file is encrypted, the Admin@decryption.biz Bkpx ransomware makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to recover your personal files using file recover applications such as PhotoRec.
Download PhotoRec on your Microsoft Windows Desktop by clicking on the link below.
Once the downloading process is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and select Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as displayed below.
Double click on qphotorec_win to run PhotoRec for Windows. It will show a screen as shown below.
Select a drive to recover as shown on the image below.
You will see a list of available partitions. Choose a partition that holds encrypted files as displayed below.
Click File Formats button and specify file types to recover. You can to enable or disable the recovery of certain file types. When this is complete, press OK button.
Next, click Browse button to choose where restored files should be written, then click Search.
Count of restored files is updated in real time. All recovered photos, documents and music are written in a folder that you have selected on the previous step. You can to access the files even if the recovery process is not finished.
When the restore is complete, click on Quit button. Next, open the directory where recovered documents, photos and music are stored. You will see a contents like below.
All restored documents, photos and music are written in recup_dir.1, recup_dir.2 … sub-directories. If you are looking for a specific file, then you can to sort your recovered files by extension and/or date/time.
How to protect your computer from Admin@decryption.biz Bkpx ransomware
Most antivirus applications already have built-in protection system against the virus. Therefore, if your computer does not have an antivirus program, make sure you install it. As an extra protection, use the CryptoPrevent.
Run CryptoPrevent to protect your personal computer from Admin@decryption.biz Bkpx ransomware virus
Download CryptoPrevent on your personal computer by clicking on the following link.
www.foolishit.com/download/cryptoprevent/
Run it and follow the setup wizard. Once the setup is complete, you will be displayed a window where you can select a level of protection, as displayed on the image below.
Now click the Apply button to activate the protection.
To sum up
After completing the step-by-step instructions shown above, your computer should be clean from Admin@decryption.biz Bkpx ransomware and other malware. Your system will no longer encrypt your photos, documents and music. Unfortunately, if the step-by-step tutorial does not help you, then you have caught a new ransomware virus, and then the best way – ask for help here.