Badut Clowns is a new ransomware virus. Like other ransomware, it is a harmful program that gets onto your system and runs. It locks up your files and changes their extension to .badutclowns. This blog post gives a brief summary of this ransomware virus and explains how to recover (decrypt) encrypted personal files for free.
Badut Clowns virus ransom note:
Important. I’m Badut Clowns, Welcome to my little game
Perhaps you are busy looking for a way to recover your files, but don’t waste your time.
Nobody can recover your files without our decryption service.
I will give you 1 hour from now, to send a sum of $200 via bitcoin
If you ignore this warning, we will lock all your personal data within 2 hours
Not only that, We will destroy your pc harddisk within 2 hours
We have controlled your wifi network and will spread this malware to all connected devices
Now, let’s start enjoy our little game together!
Now, let’s start and enjoy our little game together!
1 file will be deleted
[View encrypted files]
Please, send at least $200 worth of Bitcoin here:
3Qjb7LK3v7RFgir3XrRsVbK8a22hdicoLV
[I made a payment, now give me back my files!]
Once on the user’s PC, the Badut Clowns ransomware searches all folders recursively for files and, as it finds them, locks each one using very strong hybrid encryption with a large key, which makes the files completely unusable. This ransomware virus is capable of blocking various files such as drawings, video materials, documents, web application-related files, databases, archives and photos, and backups can be affected as well. The Badut Clowns ransomware virus can encrypt almost all types of files, including common ones such as:
.7z, .py, .wma, .xx, .wotreplay, .ysp, .sql, .sb, .mov, .rb, .kdb, .layout, .xmmap, .xls, .sidd, .doc, .wp, .x3f, .d3dbsp, .vpp_pc, .bar, .vpk, .wpw, .0, .pak, .ws, .forge, .m2, .gho, .xlsm, .pdf, .z3d, .xml, .wpd, .xbplate, .xlk, .icxs, .db0, .p7b, .webdoc, .mpqge, .psd, .das, .wsh, .rtf, .syncdb, .wire, .vcf, .ai, .wn, .bc6, .xyp, .iwd, .webp, .wbk, .3fr, .itdb, .jpeg, .zi, .p12, .mdb, .dazip, .wsc, .y, .nrw, .cas, .dwg, .mp4, .x3d, .srw, .r3d, .wpb, .xar, .odt, .esm, .xlgc, .dcr, .wri, .wmd, .sis, .xyw, .wp4, .wcf, .big, .iwi, .litemod, .txt, .erf, .zip, .dbf, .ff, .docm, .pptx, .crw, .odc, .blob, .wp7, .m3u, .re4, .xwp, .w3x, .wot, .arw, .wmf, .dmp, .xlsb, .pst, .ztmp, .xpm, .svg, .dxg, .zif, .zdb, .qic, .hplg, .rar, .hvpl, .indd, .wp5, .ibank, .wpd, .mef, .wmv, .zdc, .lrf, .xls, .bsa, .rofl, .itm, .xf, .itl, .tor, .wdp, .wp6, .pef, .wpa, .wdb, .desc, .pem, .mdf, .slm, .zabw, .js, .x, .pdd, .asset, .bik, .sum, .sie, .xlsm, .mddata, .mlx, .pptm, .dba, .pfx, .eps, .bkf, .flv, .mdbackup, .rw2, .mrwref, .sav, .avi, .vfs0, .wpt, .yal, .fos, .xdl, .crt, .tax, .dng, .z, .sidn, .fpk, .wbz, .jpe, .xy3, .x3f, .psk, .hkx, .mcmeta, .fsh, .p7c, .qdf, .wbmp, .xbdoc, .raw, .bc7, .upk, .ppt, .menu, .docx, .jpg, .cer, .1, .epk, .cr2, .xld, .rim, .ncf, .bay, .t13, .wsd, .kf, .odb, .wmo, .map, .wgz, .ptx, .2bp, .csv, .gdb, .yml, .wb2
All files which are locked by Badut Clowns ransomware receive the .badutclowns extension, which allows users to identify the cause of the problem that caused their work to stop. Each victim whose PC has been subjected to the Badut Clowns virus attack, receives a ransom message from cybercriminals, which indicates the amount of money for which they are willing to provide the victim with a unique code key and a decryption utility to unlock the affected files.
Text presented on this image:
If you rate a programmer or coder 7.5/10 on knowledge basis,
you would definitely have to rate a hacker 10
Because behind every successful Coder there an even more successful
De-coder to understand that code
roberspatrick@gmx.de
–badut clowns–
Threat Summary
Name | Badut Clowns |
Type | Filecoder, File locker, Crypto virus, Ransomware, Crypto malware |
Encrypted files extension | .badutclowns |
Ransom note | _readme.txt |
Contact | roberspatrick@gmx.de |
Bitcoin Wallet | 3Qjb7LK3v7RFgir3XrRsVbK8a22hdicoLV |
Ransom amount | $200 in Bitcoins |
Detection Names | Win32:Trojan-gen, Ransom:MSIL/JigsawLocker.93b87420, Trojan.Ransom.Jigsaw, Trojan-Ransom.Jigsaw (A) |
Symptoms | Photos, documents and music won’t open. Your files now have odd extensions that end with something like .badutclowns. Ransom note displayed on your desktop. |
Distribution methods | Phishing emails that contain malicious attachments. Drive-by downloads (ransomware virus is able to infect the machine simply by visiting a web site that is running harmful code). Social media posts (they can be used to entice users to download malware with a built-in ransomware downloader or click a suspicious link). Remote desktop protocol (RDP) hacking. |
Removal | To remove Badut Clowns ransomware use the removal guide |
Decryption | To decrypt Badut Clowns ransomware use the steps |
Unfortunately, at this time, victims of the Badut Clowns virus cannot decrypt encrypted photos, documents and music without the actual encryption key. But you can follow our tutorial below to look for and remove Badut Clowns from your personal computer as well as restore encrypted files for free.
Quick links
- How to remove Badut Clowns ransomware virus
- How to decrypt .badutclowns files
- How to restore .badutclowns files
- How to protect your PC system from Badut Clowns crypto virus?
- To sum up
How to remove Badut Clowns ransomware virus
In order to remove Badut Clowns ransomware from your personal computer, you need to stop all ransomware processes and delete its associated files, including Windows registry entries. If any ransomware virus components are left on the computer, the crypto virus can reinstall itself the next time the PC boots up. Ransomware infections usually use random names made up of characters and numbers, which makes a manual removal procedure very difficult. We recommend that you use free ransomware virus removal tools to uninstall Badut Clowns ransomware from your PC. Below you can find a few popular malware removers that detect various ransomware.
Delete Badut Clowns ransomware virus with Zemana AntiMalware (ZAM)
Thinking about deleting the Badut Clowns crypto virus from your system? Then pay attention to Zemana. This is a well-known tool, originally created just to locate and remove malicious software, trojans and worms. It has since changed considerably and can not only rid you of malicious software, but also protect your personal computer from ransomware viruses, malware and worms, as well as find and uninstall common viruses and trojans.
Visit the following page to download Zemana Anti Malware (ZAM). Save it to your Desktop so that you can access the file easily.
Once the downloading process is finished, close all windows on your computer. Further, launch the install file named Zemana.AntiMalware.Setup. If the “User Account Control” prompt pops up as shown on the screen below, press the “Yes” button.
It will display the “Setup wizard” which will help you install Zemana Anti Malware on the personal computer. Follow the prompts and do not make any changes to default settings.
Once setup is finished successfully, Zemana will automatically start and you can see its main window as on the image below.
Next, click the “Scan” button to perform a system scan with this utility for the Badut Clowns crypto virus, other malware, worms and trojans. While the Zemana program is scanning, you can see the count of objects it has identified as threats.
When Zemana Anti-Malware has completed scanning your machine, you can check all threats found on your personal computer. Make sure to check mark the threats which are unsafe and then click “Next” button.
Zemana Free will remove the Badut Clowns crypto malware and other kinds of potential threats, like malicious software and trojans, and add the threats to the Quarantine. Once the procedure is complete, you may be prompted to reboot your personal computer.
How to automatically delete Badut Clowns with MalwareBytes Free
Getting rid of Badut Clowns ransomware manually is difficult, and often the crypto malware is not completely removed. Therefore, we suggest that you use MalwareBytes Free to completely clean your PC system. Moreover, this free application will help you to delete malicious software, PUPs, toolbars and adware that your PC may be infected with too.
- Installing the MalwareBytes is simple. First you’ll need to download MalwareBytes Free by clicking on the following link. Save it on your Desktop.
- At the download page, click on the Download button. Your internet browser will display the “Save as” dialog box. Please save it onto your Windows desktop.
- When the downloading process is finished, please close all software and open windows on your PC. Double-click on the icon that’s called mb3-setup.
- This will start the “Setup wizard” of MalwareBytes AntiMalware on your PC system. Follow the prompts and don’t make any changes to default settings.
- When the Setup wizard has finished installing, the MalwareBytes will start and open the main window.
- Next, click the “Scan Now” button. The MalwareBytes Anti-Malware utility will begin scanning the whole computer to find the Badut Clowns crypto malware, other malicious software, worms and trojans. A scan can take anywhere from 10 to 30 minutes, depending on the number of files on your machine and the speed of your personal computer. During the scan MalwareBytes Anti Malware will search for threats present on your personal computer.
- When MalwareBytes Free is finished scanning your PC system, MalwareBytes will open a scan report.
- Make sure all items have ‘checkmark’ and click the “Quarantine Selected” button. After the procedure is finished, you may be prompted to reboot the system.
- Close the Anti-Malware and continue with the next step.
Use KVRT to uninstall Badut Clowns
KVRT is a free removal tool that can be downloaded and run to remove crypto viruses, adware, malware, potentially unwanted applications, toolbars and other threats from your computer. You can run this tool to locate threats even if you have an antivirus or any other security program.
Download Kaspersky virus removal tool (KVRT) on your Windows Desktop from the link below.
After downloading is done, double-click on the Kaspersky virus removal tool icon. Once initialization procedure is complete, you will see the Kaspersky virus removal tool screen as shown on the image below.
Click Change Parameters and set a check mark next to all your drives. Click OK to close the Parameters window. Next, press the Start scan button to perform a system scan with this tool for the Badut Clowns crypto malware and other malware. This task can take quite a while, so please be patient. While KVRT is scanning, you may see the number of objects it has identified as being malicious software.
When finished, a list of all items found is created as displayed on the screen below.
Review the results once the tool has finished the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply press on Continue to start a cleaning procedure.
How to decrypt .badutclowns files
As mentioned earlier, the ransom payment is the only way to decrypt .badutclowns files, unfortunately. After the victim transfers the specified amount of money (usually $200 in Bitcoins) to the fraudsters, they provide a private key to decrypt the locked data.
Never pay the ransom! Some victims, wishing to regain access to blocked files, pay the ransom to the fraudsters. However, before doing so it is important to remember that you are dealing with unscrupulous and dishonest people, and the probability is high that, after you transfer the money, they will not provide you with a private key and the Badut Clowns decryption utility to decrypt .badutclowns files, or will increase the amount of the ransom.
Of course, paying the ransom cannot be considered the only correct way out when your PC system is infected with Badut Clowns ransomware, as this only leads to the prosperity of the cybercriminals’ illegal activity. The smart thing to do is to try to recover the locked files from a backup or wait for the release of a Badut Clowns decryption utility to unlock them. You can also try to restore photos, documents and music using the free apps listed below.
How to restore .badutclowns files
Fortunately, there is a small chance to recover photos, documents and music that have been encrypted by the Badut Clowns ransomware virus. Data restore apps can help you! Many victims of various ransomware infections, using the steps described below, were able to restore their files. In our guidance, we recommend using only free and tested tools called PhotoRec and ShadowExplorer. Before you try to restore encrypted .badutclowns files, check your PC for active crypto malware. In this post we gave examples of malware removal utilities that can find and remove the Badut Clowns crypto virus.
Use ShadowExplorer to recover .badutclowns files
Microsoft Windows has a feature named ‘Shadow Volume Copies’ that can help you to recover .badutclowns files encrypted by the Badut Clowns ransomware virus. The method described below only restores encrypted documents, photos and music to previous versions from the Shadow Volume Copies, using a free tool named ShadowExplorer.
First, please go to the link below, then click the ‘Download’ button in order to download the latest version of ShadowExplorer.
When the downloading process is finished, open the directory in which you saved it. Right-click on ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next, open the ShadowExplorerPortable folder like below.
Start the ShadowExplorer utility and then choose the disk (1) and the date (2) that you wish to restore the shadow copy of file(s) encrypted by the Badut Clowns ransomware as displayed in the figure below.
Now navigate to the file or folder that you want to recover. When ready right-click on it and click ‘Export’ button as displayed below.
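Choosing the date in ShadowExplorer is easier when you know when the first file was encrypted and which folders were hit. The Python script below is an added example, not part of the original guide or of any tool it names; it assumes encrypted files keep their original name with .badutclowns appended and that a file's modification time reflects when it was encrypted, and the function names are chosen for this example.

```python
import os
import sys
from collections import Counter
from datetime import datetime

ENCRYPTED_SUFFIX = ".badutclowns"  # extension given on this page


def inventory_encrypted(root):
    """Summarise every file under root that carries the ransomware extension."""
    by_ext, by_dir, mtimes = Counter(), Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(ENCRYPTED_SUFFIX):
                continue
            # Assumption: "report.docx.badutclowns" was "report.docx".
            original = name[: -len(ENCRYPTED_SUFFIX)]
            ext = os.path.splitext(original)[1].lower() or "(none)"
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable entry: skip rather than abort the scan
            by_ext[ext] += 1
            by_dir[dirpath] += 1
            mtimes.append(mtime)
    return {
        "total": len(mtimes),
        "by_ext": by_ext,
        "by_dir": by_dir,
        "first_encrypted": min(mtimes) if mtimes else None,
        "last_encrypted": max(mtimes) if mtimes else None,
    }


def predates_encryption(snapshot_time, summary):
    """True if a shadow copy or backup taken at snapshot_time (epoch seconds)
    is older than the first encrypted file, so it should hold clean data."""
    first = summary["first_encrypted"]
    return first is None or snapshot_time < first


if __name__ == "__main__":
    report = inventory_encrypted(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("encrypted files:", report["total"])
    for ext, count in report["by_ext"].most_common():
        print(f"  {ext}: {count}")
    for key in ("first_encrypted", "last_encrypted"):
        if report[key] is not None:
            print(key, datetime.fromtimestamp(report[key]).isoformat(" ", "seconds"))
```

Run it against a user profile or data drive and pick a shadow copy dated before the reported first_encrypted time.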
Recover .badutclowns files with PhotoRec
Before a file is encrypted, the Badut Clowns crypto virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your documents, photos and music using file recovery programs such as PhotoRec.
Download PhotoRec by clicking on the link below.
When the downloading process is complete, open the directory in which you saved it. Right-click on testdisk-7.0.win and select Extract all. Follow the prompts. Next, open the testdisk-7.0 folder as displayed on the screen below.
Double click on qphotorec_win to run PhotoRec for Microsoft Windows. It will open a screen as shown in the figure below.
Select a drive to recover similar to the one below.
You will see a list of available partitions. Select a partition that holds encrypted documents, photos and music as shown on the image below.
Press the File Formats button and choose the file types to restore. You can enable or disable the restore of certain file types. When this is done, click the OK button.
Next, click Browse button to choose where restored documents, photos and music should be written, then click Search.
The count of restored files is updated in real time. All recovered photos, documents and music are written to the folder that you chose in the previous step. You can access the files even if the recovery process is not finished.
When the recovery is complete, press the Quit button. Next, open the directory where the recovered documents, photos and music are stored. You will see contents as displayed in the following example.
All recovered photos, documents and music are written to recup_dir.1, recup_dir.2 … sub-directories. If you’re looking for a specific file, you can sort your restored files by extension and/or date/time.
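Sorting a large PhotoRec output by hand is slow, so the Python script below (an added example, not part of PhotoRec or of the original guide) groups the files in the recup_dir.N folders by extension, newest first, and copies them into one folder per extension. The function names, the size filter and the destination layout are choices made for this example.

```python
import os
import re
import shutil
import sys
from collections import defaultdict

RECUP_DIR = re.compile(r"^recup_dir\.\d+$")  # folder names given on this page


def index_recovered(output_root, wanted=None, min_bytes=1):
    """Group files from recup_dir.N folders by extension, newest first.

    wanted: optional set of extensions such as {".jpg", ".docx"}.
    min_bytes: skip files smaller than this (empty output is of no use).
    """
    wanted = {e.lower() for e in wanted} if wanted else None
    groups = defaultdict(list)
    for entry in os.listdir(output_root):
        folder = os.path.join(output_root, entry)
        if not (RECUP_DIR.match(entry) and os.path.isdir(folder)):
            continue  # ignore anything that is not a PhotoRec output folder
        for name in os.listdir(folder):
            path = os.path.join(folder, name)
            ext = os.path.splitext(name)[1].lower()
            if not os.path.isfile(path) or (wanted and ext not in wanted):
                continue
            info = os.stat(path)
            if info.st_size >= min_bytes:
                groups[ext].append((info.st_mtime, info.st_size, path))
    return {ext: sorted(items, reverse=True) for ext, items in groups.items()}


def copy_by_extension(index, dest_root):
    """Copy indexed files into dest_root/<extension>/ and return the count.

    Files are copied, not moved, so the PhotoRec output stays untouched. The
    source folder name is prefixed to avoid clashes between recup_dir.N folders.
    """
    copied = 0
    for ext, items in index.items():
        target = os.path.join(dest_root, ext.lstrip(".") or "no_extension")
        os.makedirs(target, exist_ok=True)
        for _mtime, _size, path in items:
            source_dir = os.path.basename(os.path.dirname(path))
            new_name = f"{source_dir}_{os.path.basename(path)}"
            shutil.copy2(path, os.path.join(target, new_name))  # keeps timestamps
            copied += 1
    return copied


if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: script.py <PhotoRec output folder> <destination folder>
    found = index_recovered(sys.argv[1], wanted={".jpg", ".docx", ".pdf"})
    print(copy_by_extension(found, sys.argv[2]), "files copied")
```

Write the sorted copies to a different drive from the one being recovered, as with the PhotoRec output itself.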
How to protect your PC system from Badut Clowns crypto virus?
Most antivirus apps already have a built-in protection system against crypto malware. Therefore, if your computer does not have an antivirus application, make sure you install one. As extra protection, run HitmanPro.Alert.
Run HitmanPro.Alert to protect your PC system from Badut Clowns ransomware
HitmanPro.Alert is a small security tool. It can check the system integrity and alert you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.
First, click the link below, then press the ‘Download’ button in order to download the latest version of HitmanPro Alert.
When downloading is finished, open the file location. You will see an icon like below.
Double-click the HitmanPro.Alert desktop icon. Once the utility is opened, you will see a window where you can select a level of protection, as on the image below.
Now click the Install button to activate the protection.
To sum up
Once you have finished the step-by-step instructions above, your computer should be clean of Badut Clowns ransomware and other malware. Your system will no longer encrypt your photos, documents and music. Unfortunately, if the guidance does not help you, then you have caught a new variant of the ransomware virus, and the best option is to ask for help here.