.Besub file extension ransomware virus (Restore, Decrypt .besub files)

A new variant of ransomware virus has been discovered by cyber security professionals. It appends the .besub file extension to encrypted files. This ransomware targets computers running Windows by spam emails, malware or manually installing the ransomware. Here’s everything you need to know about this ransomware, how to remove ‘Besub file virus’ and how to restore (decrypt) encrypted personal files for free.

Once installed, the Besub ransomware begins searching for attached disks and even networked disks containing archives, web application-related files, database, music, documents, images and videos. The files that will be encrypted include the following file extensions:

.zip, .hkdb, .xls, .bsa, .m2, .doc, .desc, .mp4, .m3u, .wpl, .zabw, .zw, .ws, .sav, wallet, .re4, .mrwref, .xx, .w3x, .cr2, .mcmeta, .fpk, .sb, .zdb, .layout, .wpd, .odc, .wsh, .kdc, .x3f, .7z, .xml, .wma, .xls, .docx, .t13, .y, .crt, .qdf, .xlsx, .xxx, .wp, .db0, .ntl, .wmf, .sr2, .png, .wmv, .wbk, .wmd, .nrw, .rw2, .jpe, .3ds, .xld, .wps, .wgz, .pak, .psd, .py, .eps, .pkpass, .raw, .dazip, .css, .qic, .hplg, .2bp, .x3d, .psk, .pptx, .tax, .sum, .kdb, .dcr, .ff, .p7b, .indd, .xf, .cdr, .lbf, .odp, .ztmp, .ybk, .bkf, .wpa, .ncf, .0, .cas, .pdd, .bar, .wsd, .big, .arw, .p7c, .bkp, .xll, .rofl, .wcf, .dwg, .ptx, .zi, .pdf, .pst, .wp7, .ai, .docm, .dbf, .srf, .srw, .vdf, .wav, .mov, .wn, .hkx, .wpb, .jpg, .sid, .sql, .x3f, .rgss3a, .odt, .gho, .dxg, .flv, .xbplate, .ysp, .odm, .pef, .yml, .tor, .bik, .dmp, .webdoc, .wot, .wpg, .upk, .mddata, .wbd, .wsc, .zip, .iwi, .wotreplay, .sidd, .lvl, .sis, .ppt, .1st, .cfr, .wps, .mdb, .xlsm, .wbmp, .icxs, .wpw, .wpe, .hvpl, .map, .zif, .wm, .ltx, .pptm, .ods, .txt, .p12, .xpm, .wri, .itdb, .wdb, .odb, .wma, .kf, .arch00, .iwd, .vpp_pc, .wbc, .rtf, .xlsm, .vpk, .rwl, .xlsx, .fsh, .vfs0, .esm, .xlsb, .lrf, .wb2, .zdc, .cer, .sidn, .pem, .yal, .csv, .forge, .bc7, .accdb, .das, .xyw, .mdf, .js, .sie, .webp, .z3d

With the encryption work done, all encrypted documents, photos and music will now have the new .besub extension appended to them. Besub ransomware drops a file called ‘_readme.txt’. This file contains a ransomnote that is written in the English language. The ransomnote directs victims to make payment to a cryptocurrency wallet in exchange for the keys needed to decrypt photos, documents and music.

ATTENTION!

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-i9Z5mq0D52
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

 

Threat Summary

Name	Besub
Type	Filecoder, File locker, Crypto virus, Crypto malware, Ransomware
Encrypted files extension	.besub
Ransom note	_readme.txt
Contact	gorentos@bitmessage.ch
Ransom amount	$980 in Bitcoins
Symptoms	Unable to open personal files. All of your documents, photos and music have a new file extension appended to the filenames. Files called such as ‘_readme.txt’, ‘#_README_#’, ‘_DECRYPT_’ or ‘recover’ in each folder with at least one encrypted file. ‘All files on your computer have been encrypted’ message on your desktop.
Distribution methods	Malicious spam (also known as ‘malspam’). Exploit kits (cybercriminals use ransomware virus packaged in an ‘exploit kit’ that can find a vulnerability in PDF reader, Microsoft Windows OS, Browser, Adobe Flash Player). Social media, like web-based instant messaging programs. Remote desktop protocol (RDP) hacking.
Removal	To remove Besub ransomware use the removal guide
Decryption	To decrypt Besub ransomware use the steps

 

We recommend you to remove Besub ransomware ASAP, until the presence of the ransomware has not led to even worse consequences. You need to follow the steps below that will help you to completely remove Besub ransomware virus from your PC system as well as restore encrypted documents, photos and music, using only few free utilities.

Quick links

1. How to remove Besub ransomware
2. How to decrypt .besub files
3. Use STOPDecrypter to decrypt .besub files
4. How to restore .besub files
5. How to protect your computer from Besub crypto virus?
6. Finish words

How to remove Besub ransomware

There are a few solutions that can be used to uninstall Besub. But, not all ransomware like this ransomware can be completely removed utilizing only manual ways. In most cases you are not able to delete any crypto malware utilizing standard MS Windows options. In order to delete Besub you need run reliable removal tools. Most IT security specialists states that Zemana Anti-malware, Malwarebytes or KVRT tools are a right choice. These free applications are able to scan for and remove Besub ransomware virus from your personal computer for free.

Use Zemana to remove Besub ransomware

Zemana Anti-Malware (ZAM) is a program that is used for malware, adware software, worms, ransomware, trojans, spyware and other security threats removal. The application is one of the most efficient anti malware utilities. It helps in crypto malware removal and and defends all other types of malware. One of the biggest advantages of using Zemana is that is easy to use and is free. Also, it constantly keeps updating its virus/malware signatures DB. Let’s see how to install and scan your system with Zemana in order to delete Besub from your computer.

1. Installing the Zemana is simple. First you will need to download Zemana AntiMalware (ZAM) on your MS Windows Desktop from the link below.
   
   

   Zemana AntiMalware
   164029 downloads
   Author: Zemana Ltd
   Category: Security tools
   Update: July 16, 2019
   
2. Once you have downloaded the setup file, make sure to double click on the Zemana.AntiMalware.Setup. This would start the Zemana install on your PC.
3. Select installation language and press ‘OK’ button.
4. On the next screen ‘Setup Wizard’ simply press the ‘Next’ button and follow the prompts.
   
5. Finally, once the setup is finished, Zemana Anti Malware (ZAM) will run automatically. Else, if doesn’t then double-click on the Zemana Anti Malware icon on your desktop.
6. Now that you have successfully install Zemana Anti-Malware, let’s see How to use Zemana AntiMalware to remove Besub ransomware virus from your computer.
7. After you have launched the Zemana Anti Malware (ZAM), you will see a window as shown on the image below, just click ‘Scan’ button to start checking your computer for the crypto virus.
   
8. Now pay attention to the screen while Zemana Anti-Malware (ZAM) scans your machine.
   
9. Once the system scan is done, Zemana Free will display a screen that contains a list of malware that has been detected. Review the results once the tool has finished the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply click ‘Next’ button.
   
10. Zemana Free may require a restart PC system in order to complete the Besub virus removal process.
11. If you want to permanently delete ransomware virus from your personal computer, then click ‘Quarantine’ icon, select all malicious software, adware software, PUPs and other threats and click Delete.
12. Restart your system to complete the ransomware virus removal process.

Run MalwareBytes Anti-Malware (MBAM) to remove Besub file virus

Remove Besub ransomware virus manually is difficult and often the crypto malware is not completely removed. Therefore, we advise you to use the MalwareBytes which are fully clean your personal computer. Moreover, this free application will help you to delete malware, PUPs, toolbars and adware that your system can be infected too.

1. First, click the link below, then click the ‘Download’ button in order to download the latest version of MalwareBytes AntiMalware.
   
   

   Malwarebytes Anti-malware
   326382 downloads
   Author: Malwarebytes
   Category: Security tools
   Update: April 15, 2020
   
2. At the download page, click on the Download button. Your web-browser will show the “Save as” prompt. Please save it onto your Windows desktop.
3. Once the downloading process is done, please close all apps and open windows on your PC. Double-click on the icon that’s called mb3-setup.
4. This will start the “Setup wizard” of MalwareBytes Free onto your PC. Follow the prompts and don’t make any changes to default settings.
5. When the Setup wizard has finished installing, the MalwareBytes Anti Malware (MBAM) will run and open the main window.
6. Further, press the “Scan Now” button to perform a system scan with this utility for the Besub ransomware, other malware, worms and trojans. During the scan MalwareBytes Free will look for threats present on your machine.
7. Once the system scan is complete, MalwareBytes Anti-Malware will display you the results.
8. When you are ready, click the “Quarantine Selected” button. When that process is complete, you may be prompted to restart the PC.
9. Close the Anti-Malware and continue with the next step.

Video instruction, which reveals in detail the steps above.

Remove .Besub file virus with KVRT

KVRT is a free removal utility which can check your machine for a wide range of security threats such as the Besub ransomware, adware, potentially unwanted applications as well as other malicious software. It will perform a deep scan of your PC system including hard drives and MS Windows registry. When a malware is found, it will help you to remove all detected threats from your PC system with a simple click.

Download Kaspersky virus removal tool (KVRT) on your Microsoft Windows Desktop by clicking on the following link.

Once the downloading process is complete, double-click on the KVRT icon. Once initialization procedure is done, you will see the KVRT screen as shown on the image below.

Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next press Start scan button . Kaspersky virus removal tool tool will begin scanning the whole computer to find out Besub ransomware and other malicious software. While the KVRT utility is scanning, you can see number of objects it has identified as being affected by malicious software.

After KVRT completes the scan, KVRT will show a scan report like below.

Review the results once the tool has complete the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply click on Continue to start a cleaning procedure.

How to decrypt .besub files

The Besub ransomware virus uses a strong encryption algorithm with long key. What does it mean to decrypt the files is impossible without the private key. Use a “brute forcing” is also not a way because of the big length of the key. Therefore, unfortunately, the only payment to the authors of the Besub ransomware entire amount requested – the only method to try to get the decryption key and decrypt all your files.

Should you pay the ransom? A majority of IT security researchers will reply immediately that you should never pay a ransom if infected by ransomware! If you choose to pay the ransom, there is no 100% guarantee that you can decrypt all personal files!

With some variants of Besub file virus, it is possible to decrypt encrypted files using free tools.

Michael Gillespie (@) released the Besub decryption tool named STOPDecrypter. It can decrypt files if they were encrypted by one of the known OFFLINE KEY’s retrieved by Michael Gillespie. Please check the twitter post for more info.

STOPDecrypter is a program that can be used for Besub files decryption. One of the biggest advantages of using STOPDecrypter is that is free and easy to use. Also, it constantly keeps updating its ‘OFFLINE KEYs’ DB. Let’s see how to install STOPDecrypter and decrypt .besub files using this free tool.

1. Installing the STOPDecrypter is simple. First you will need to download STOPDecrypter on your Windows Desktop from the following link.
   download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip
2. After the downloading process is done, close all applications and windows on your machine. Open a file location. Right-click on the icon that’s named STOPDecrypter.zip.
3. Further, select ‘Extract all’ and follow the prompts.
4. Once the extraction process is finished, run STOPDecrypter. Select Directory and press Decrypt button.

If STOPDecrypter does not help you to decrypt .besub files, in some cases, you have a chance to recover your files, which were encrypted by ransomware. This is possible due to the use of the tools named ShadowExplorer and PhotoRec. An example of recovering encrypted files is given below.

How to restore .besub files

In some cases, you can recover files encrypted by Besub crypto malware. Try both methods. Important to understand that we cannot guarantee that you will be able to recover all encrypted files.

Recover .besub encrypted files using Shadow Explorer

A free utility called ShadowExplorer is a simple method to use the ‘Previous Versions’ feature of Windows 10 (8, 7 , Vista). You can recover .besub personal files encrypted by the Besub crypto virus from Shadow Copies for free.

Please go to the link below to download the latest version of ShadowExplorer for MS Windows. Save it on your Windows desktop.

When downloading is complete, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder as displayed in the following example.

Double click ShadowExplorerPortable to start it. You will see the a window as shown in the figure below.

In top left corner, select a Drive where encrypted photos, documents and music are stored and a latest restore point as shown below (1 – drive, 2 – restore point).

On right panel look for a file that you wish to recover, right click to it and select Export as shown on the screen below.

Restore .besub files with PhotoRec

Before a file is encrypted, the Besub crypto malware makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your files using file restore applications such as PhotoRec.

Download PhotoRec from the link below. Save it on your Desktop.

When the download is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and choose Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as shown in the figure below.

Double click on qphotorec_win to run PhotoRec for Windows. It’ll open a screen like below.

Select a drive to recover as on the image below.

You will see a list of available partitions. Choose a partition that holds encrypted files as displayed in the figure below.

Click File Formats button and specify file types to restore. You can to enable or disable the restore of certain file types. When this is finished, click OK button.

Next, press Browse button to select where recovered personal files should be written, then press Search.

Count of recovered files is updated in real time. All restored personal files are written in a folder that you have selected on the previous step. You can to access the files even if the restore process is not finished.

When the restore is done, click on Quit button. Next, open the directory where recovered personal files are stored. You will see a contents as displayed in the following example.

All recovered documents, photos and music are written in recup_dir.1, recup_dir.2 … sub-directories. If you are searching for a specific file, then you can to sort your restored files by extension and/or date/time.

How to protect your computer from Besub crypto virus?

Most antivirus applications already have built-in protection system against the crypto malware. Therefore, if your machine does not have an antivirus program, make sure you install it. As an extra protection, run the HitmanPro.Alert.

Run HitmanPro.Alert to protect your PC from Besub crypto virus

All-in-all, HitmanPro.Alert is a fantastic utility to protect your system from any ransomware. If ransomware is detected, then HitmanPro.Alert automatically neutralizes malware and restores the encrypted files. HitmanPro.Alert is compatible with all versions of MS Windows operating system from MS Windows XP to Windows 10.

Download HitmanPro Alert on your MS Windows Desktop by clicking on the following link.

When the downloading process is done, open the file location. You will see an icon like below.

Double click the HitmanPro Alert desktop icon. When the utility is launched, you’ll be displayed a window where you can choose a level of protection, as on the image below.

Now click the Install button to activate the protection.

Finish words

Once you have finished the steps shown above, your machine should be free from Besub ransomware virus and other malware. Your computer will no longer encrypt your photos, documents and music. Unfortunately, if the few simple steps does not help you, then you have caught a new crypto virus, and then the best way – ask for help here.