Cyber security researchers discovered a new variant of ‘Vengisto@india.com ransomware‘, which called ‘.Browec ransomware‘. It appends the .browec file extension to encrypted file names. Read below a brief summary of information related to this ransomware and how to restore or decrypt .browec files for free.
What is ‘.Browec ransomware’? It is a malicious software that encrypts documents, photos and music using a hybrid encryption mode, preventing access to them. It will encrypt almost all types of files, including common as:
.odc, .mef, .zi, .itl, .vdf, .xbplate, .wri, .layout, .mp4, .wbk, .wps, .xlsm, .r3d, .x3f, .dba, .wmd, .xlsm, .srf, .7z, .p7c, .ibank, .ysp, .0, .wm, .wotreplay, .arch00, .wgz, .pfx, .rofl, .vpk, .webp, .wbm, .bkp, .epk, .xar, .indd, .fsh, .xlk, .gdb, .xlsx, .wdb, .webdoc, .2bp, .xlsx, .wpb, .wav, .xf, .wpd, .m2, .srw, .rim, .py, .vpp_pc, .qic, .dbf, .ods, .doc, .wp5, .raw, .js, .eps, .litemod, .psk, .esm, .xbdoc, .xyw, .apk, .map, .wma, .z3d, .bc6, .wbc, .iwi, .vfs0, .wmv, .mdb, .mcmeta, .accdb, .pef, .lvl, .wma, .hkdb, .wp7, .xld, .ltx, .ff, .xdb, .lrf, .ztmp, .wire, .w3x, .rwl, .docx, .sid, .xmmap, .mpqge, .xls, .odm, .t13, .zdc, .pst, .ws, .xyp, .pak, .txt, .big, .odt, .desc, .kdc, .d3dbsp, .css, .pptm, .syncdb, .rb, .zip, .zip, .hkx, .docm, .xxx, .wbz, .sql, .dng, .pptx, .bkf, .xlgc, .mlx, .xls, .z, .wmf, .yml, .bar, .zw, .wdp, .lbf, .wcf, .rgss3a, .sav, .gho, .ybk, .itdb, .wsd, .bsa, .dazip, .fpk, .wbmp, .jpeg, .3ds, .dxg, .slm, .odb, .ptx, .xll, .crt, .1st, .wpg, .svg, .fos, .avi, .rtf, .x3d, .xmind, .zdb, .cfr, .zif, .y, .erf, .jpg, .wp6, .1, .vtf, .cer, .crw, .yal, .wpt, .snx, .mrwref, .wpd, .vcf, .x, .dmp, .p12, .sidn, .p7b, .wpe, .cr2, .wpw, .tax, .cdr, .wb2, .flv, .t12, .bik, .wmo, .xwp, .das, .xdl, .tor, .menu, .dwg, .wpl, .odp, .wsc, .x3f, .kdb, .ai, .qdf, .sb, .pkpass, .xlsb, .wpa, wallet, .ppt, .pdf, .wsh, .mddata, .bc7, .psd, .pdd, .db0, .raf, .mov, .pem, .3fr, .sis, .xpm, .blob, .m3u, .ncf, .sum, .3dm, .wps, .csv, .ntl, .rw2, .wp, .bay, .itm, .sidd, .m4a, .icxs, .sie, .dcr, .der, .wbd, .jpe, .xml, .xx, .nrw, .orf, .hplg, .mdbackup, .forge, .asset, .xy3, .hvpl, .wn, .sr2
Once a file is encrypted, its extension modified to .browec. Next, the ransomware drops a file called ‘_readme.txt’. This file contain a note on how to decrypt all encrypted documents, photos and music. You can see an one of the variants of the ransomnote below:
Don't worry my friend, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-xuSAEnnA8P Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: vengisto@india.com Reserve e-mail address to contact us: vengisto@firemail.cc
Instructions which is shown below, will help you to remove .Browec ransomware as well as recover (decrypt) encrypted photos, documents and music stored on your computer drives.
Table of contents
- How to remove .Browec ransomware virus
- How to decrypt .browec files
- Use STOPDecrypter to decrypt .browec files
- How to restore .browec files
- How to protect your personal computer from .Browec ransomware virus?
- To sum up
How to remove .Browec ransomware virus
The .Browec ransomware may hide its components which are difficult for you to find out and remove completely. This may lead to the fact that after some time, the ransomware again infect your PC and encrypt your personal files. Moreover, I want to note that it is not always safe to remove ransomware virus manually, if you don’t have much experience in setting up and configuring the MS Windows operating system. The best method to locate and delete .Browec ransomware virus is to use free malicious software removal apps which are listed below.
How to remove .Browec ransomware with Zemana Anti-malware
Zemana Anti-malware highly recommended, because it can scan for security threats such the .Browec ransomware and other malicious software that most ‘classic’ antivirus programs fail to pick up on. Moreover, if you have any .Browec ransomware removal problems which cannot be fixed by this utility automatically, then Zemana Anti-malware provides 24X7 online assistance from the highly experienced support staff.
Installing the Zemana Anti Malware (ZAM) is simple. First you’ll need to download Zemana Anti Malware on your machine from the link below.
164108 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
When downloading is done, close all software and windows on your computer. Open a directory in which you saved it. Double-click on the icon that’s named Zemana.AntiMalware.Setup like below.
When the installation begins, you will see the “Setup wizard” that will allow you setup Zemana AntiMalware (ZAM) on your PC.
Once installation is complete, you will see window as shown on the image below.
Now click the “Scan” button to perform a system scan for the .Browec ransomware and other kinds of potential threats. A scan can take anywhere from 10 to 30 minutes, depending on the number of files on your machine and the speed of your computer. When a malware, adware software or potentially unwanted software are detected, the number of the security threats will change accordingly. Wait until the the scanning is finished.
As the scanning ends, Zemana will open a screen which contains a list of malicious software that has been found. When you’re ready, click “Next” button.
The Zemana Anti-Malware (ZAM) will remove .Browec ransomware related files, folders and registry keys.
Remove Browec ransomware with MalwareBytes AntiMalware
Manual Browec ransomware virus removal requires some computer skills. Some files and registry entries that created by the ransomware virus may be not completely removed. We advise that use the MalwareBytes Anti-Malware (MBAM) that are completely clean your personal computer of ransomware. Moreover, this free application will allow you to remove malicious software, PUPs, adware and toolbars that your computer can be infected too.
- Installing the MalwareBytes Free is simple. First you will need to download MalwareBytes AntiMalware from the link below.
Malwarebytes Anti-malware
326461 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
- Once downloading is finished, close all apps and windows on your computer. Open a folder in which you saved it. Double-click on the icon that’s named mb3-setup.
- Further, click Next button and follow the prompts.
- Once installation is finished, press the “Scan Now” button to perform a system scan with this utility for the Browec ransomware virus and other security threats. This procedure can take some time, so please be patient. While the MalwareBytes Anti-Malware is scanning, you can see how many objects it has identified either as being malware.
- When MalwareBytes has finished scanning, the results are displayed in the scan report. Review the report and then click “Quarantine Selected”. After that process is complete, you can be prompted to restart your PC.
The following video offers a step-by-step tutorial on how to get rid of hijacker infections, adware and other malicious software with MalwareBytes Anti Malware (MBAM).
Scan and free your computer of ransomware virus with KVRT
If MalwareBytes anti malware or Zemana anti-malware cannot delete this ransomware, then we recommends to use the KVRT. KVRT is a free removal tool for ransomware viruses, adware, worms and trojans.
Download Kaspersky virus removal tool (KVRT) from the following link. Save it on your Desktop.
129082 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
Once the downloading process is finished, double-click on the KVRT icon. Once initialization procedure is finished, you will see the Kaspersky virus removal tool screen as shown on the screen below.
Click Change Parameters and set a check near all your drives. Press OK to close the Parameters window. Next click Start scan button for scanning your personal computer for the .Browec ransomware and other trojans and malicious applications. This task can take quite a while, so please be patient. While the Kaspersky virus removal tool is checking, you may see number of objects it has identified either as being malicious software.
Once the scan is finished, you’ll be opened the list of all detected threats on your system as displayed in the figure below.
In order to get rid of all items, simply press on Continue to start a cleaning procedure.
How to decrypt .browec files
The .Browec ransomware encourages victim to contact it’s developers in order to decrypt all personal files. These persons will require to pay a ransom (usually demand for $490-980 in Bitcoins).
Should you pay the ransom? A majority of cyber security experts will reply immediately that you should never pay a ransom if affected by ransomware! If you choose to pay the ransom, there is no 100% guarantee that you can decrypt all photos, documents and music!
With some variants of Browec ransomware, it is possible to decrypt or restore encrypted files using free tools such as STOPDecrypter, ShadowExplorer and PhotoRec.
Use STOPDecrypter to decrypt .browec files
Michael Gillespie (@) released a free decryption tool named STOPDecrypter (download from download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip).
STOPDecrypter has been updated to include decryption support for the following .djvu* variants (.djvu, .djvuu, .udjvu, .djvuq, .djvur, .djvut, .pdff, .tro, .tfude, .tfudeq, .tfudet, .rumba, .adobe, .adobee, .blower, .promos. STOPDecrypter will work for any extension of the Djvu* variants including new extensions (.browec).
Please check the twitter post for more info.
How to restore .browec files
In some cases, you can recover files encrypted by .Browec ransomware. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted files.
Use shadow copies to restore .browec files
If automated backup (System Restore) is enabled, then you can use it to restore all encrypted files to previous versions.
Visit the page linked below to download the latest version of ShadowExplorer for Windows. Save it on your MS Windows desktop or in any other place.
438815 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019
When downloading is finished, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder like below.
Launch the ShadowExplorer utility and then select the disk (1) and the date (2) that you wish to recover the shadow copy of file(s) encrypted by the .Browec ransomware virus as displayed in the figure below.
Now navigate to the file or folder that you want to recover. When ready right-click on it and press ‘Export’ button as shown on the screen below.
Recover .browec files with PhotoRec
Before a file is encrypted, the .Browec ransomware virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your personal files using file recover apps such as PhotoRec.
Download PhotoRec from the following link. Save it on your Microsoft Windows desktop or in any other place.
When the download is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and choose Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as displayed below.
Double click on qphotorec_win to run PhotoRec for Microsoft Windows. It will display a screen as displayed on the screen below.
Select a drive to recover as displayed in the figure below.
You will see a list of available partitions. Select a partition that holds encrypted photos, documents and music like below.
Click File Formats button and choose file types to restore. You can to enable or disable the recovery of certain file types. When this is done, click OK button.
Next, click Browse button to select where recovered documents, photos and music should be written, then press Search.
Count of recovered files is updated in real time. All recovered personal files are written in a folder that you have chosen on the previous step. You can to access the files even if the restore process is not finished.
When the restore is done, press on Quit button. Next, open the directory where recovered documents, photos and music are stored. You will see a contents as displayed on the screen below.
All restored photos, documents and music are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re looking for a specific file, then you can to sort your recovered files by extension and/or date/time.
How to protect your personal computer from .Browec ransomware virus?
Most antivirus applications already have built-in protection system against the ransomware virus. Therefore, if your system does not have an antivirus program, make sure you install it. As an extra protection, run the HitmanPro.Alert.
Run HitmanPro.Alert to protect your computer from .Browec ransomware virus
All-in-all, HitmanPro.Alert is a fantastic tool to protect your PC from any ransomware. If ransomware is detected, then HitmanPro.Alert automatically neutralizes malware and restores the encrypted files. HitmanPro.Alert is compatible with all versions of Windows OS from Microsoft Windows XP to Windows 10.
Visit the page linked below to download the latest version of HitmanPro Alert for MS Windows. Save it to your Desktop so that you can access the file easily.
When downloading is complete, open the file location. You will see an icon like below.
Double click the HitmanPro Alert desktop icon. Once the tool is opened, you’ll be displayed a window where you can choose a level of protection, as shown in the figure below.
Now click the Install button to activate the protection.
To sum up
Now your PC should be clean of the .Browec ransomware virus. Remove MalwareBytes AntiMalware (MBAM) and Kaspersky virus removal tool. We advise that you keep Zemana (to periodically scan your system for new malware). Moreover, to prevent ransomware, please stay clear of unknown and third party apps, make sure that your antivirus program, turn on the option to stop or detect ransomware.
If you need more help with .Browec ransomware related issues, go to here.