BadNews Ransomware Removal Guide

Do you know what BadNews Ransomware is?

The BadNews Ransomware infection enciphers your data with a strong cryptosystem. Without a decryption tool to decipher it, the only other way to unlock the affected files is to replace them with copies. As you realize, such copies should be made before the malicious application’s appearance on the system. Needless to say, the backup files should also be located somewhere other than the infected computer, e.g. cloud storage, an external hard drive, a flash drive, and so on. No doubt, the malware’s creators may offer their decryption tool as well, but it can be rather expensive. Not to mention there is a risk the cyber criminals behind BadNews Ransomware could take the money without delivering the promised decryptor. That is why we advise you to eliminate the threat with the instructions located below and recover damaged data from backup.

Our researchers cannot be entirely sure, but they believe such malware might travel with malicious email attachments. There are cases when even careful users make a mistake by opening a harmless-looking file and allow the infection to settle in. The malicious files with which threats like BadNews Ransomware could be distributed may look like PDF, Microsoft Word, Excel, or other documents, so they might seem reliable at first glance. However, what should raise your suspicion is an unknown sender or no apparent reason for sending the attachment to you; for example, the letter could contain a picture with a curious title but without any explanatory text.

Thus, to guard the system against similar infections in the future, we would advise you to be more cautious with spam and other suspicious emails containing attached files. Probably the best way to clear any doubts is to scan the suspicious file with a reputable antimalware tool. Moreover, if your system is guarded by reliable and fully updated antimalware software, it could warn you about malware even if you launch a malicious attachment, installer, and so on. Additionally, you should do regular data backups to protect the most valuable data in case another application like BadNews Ransomware manages to enter the system.

When the threat settles in, it should begin encrypting various personal files (images, photographs, documents, and so on). It is easy to recognize enciphered files, since all of them should have a specific extension (.badnews) at the end, for example, text.docx.badnews. After the encryption process is finished, the malware should also reveal its presence by showing you a ransom note. It might be opened in a separate window named Bad News. As the warning says, you have to pay 0.4 BTC (around $350) to get the decryption tool. One of the reasons we would advise against paying any money to the cyber criminals is that dealing with them is always risky. There are no reassurances at all and no chance to get the transferred money back.

What’s more, in this particular case, there is hope you could find a free decryptor on the Internet. The infection is based on a malicious educational application known as Hidden Tear, so its decryption tool could work on files enciphered by BadNews Ransomware as well. Given there might be other ways to recover the damaged data, we would advise you not to take any chances and refuse to pay the ransom. We would encourage you to erase the malware too as there is no need to keep it on the computer. To remove it manually, users should check the instructions below as they will explain the deletion process in detail.

The other way to get rid of the infection is to acquire a reputable antimalware tool. You simply need to set it to scan the system and the tool will detect malicious software on the computer automatically. Then, users can either review the displayed report or just click the deletion button to erase all threats at once.

Remove BadNews Ransomware

  1. Press Win+E.
  2. Navigate to the provided folders separately: Downloads, Desktop, Temporary Files.
  3. Look for a randomly named malicious file.
  4. Select the malicious file and press Shift+Delete.
  5. Locate the ransom note (how to recover encrypted files.hta), select it and tap Shift+Delete.
  6. Close the Explorer and restart the PC.
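
A read-only PowerShell triage of the same locations, as an added example that is not part of the original guide: it counts files carrying the .badnews extension, finds copies of the ransom note, and lists executable content in the three folders from step 2 so the randomly named file can be identified before it is deleted. The default folder locations and the list of executable extensions are assumptions, not details from the guide.

```powershell
# Added example: read-only triage for the indicators named in this guide.
# Nothing is deleted or modified; review the output before removing any file.
# Requires PowerShell 4 or later (Get-FileHash).
$Extension = '.badnews'                             # appended to encrypted files
$NoteName  = 'how to recover encrypted files.hta'   # ransom note name from the guide

# Folders from step 2. Assumption: Downloads and Desktop sit at their default
# locations under the user profile and have not been redirected.
$DropFolders = @(
    (Join-Path $env:USERPROFILE 'Downloads'),
    (Join-Path $env:USERPROFILE 'Desktop'),
    $env:TEMP
) | Where-Object { Test-Path -LiteralPath $_ }

# Walk the profile once; both indicators are picked out of the same listing.
$all = Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force -ErrorAction SilentlyContinue
$encrypted = @($all | Where-Object { $_.Extension -eq $Extension })
$notes     = @($all | Where-Object { $_.Name -eq $NoteName })

# Earliest write time of an encrypted file approximates when encryption began.
$firstHit = ($encrypted | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime

"Encrypted files: $($encrypted.Count)   first seen: $firstHit"
$encrypted | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object -Property Count, Name -First 15 | Format-Table -AutoSize

"Ransom notes:"
$notes | Select-Object FullName, CreationTime | Format-Table -AutoSize

# Candidates for the "randomly named malicious file" in steps 3 and 4.
# Assumption: the dropper is an executable or script type; the guide does not say.
$ExecTypes = '.exe', '.scr', '.com', '.bat', '.cmd', '.js', '.vbs'
"Executable content in the drop folders, newest first:"
Get-ChildItem -LiteralPath $DropFolders -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $ExecTypes -contains $_.Extension } |
    Sort-Object CreationTime -Descending |
    Select-Object FullName, CreationTime,
        @{ n = 'BeforeEncryption'; e = { $firstHit -and $_.CreationTime -le $firstHit } },
        @{ n = 'Signature'; e = { (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status } },
        @{ n = 'SHA256';    e = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } } |
    Format-List
```

The per-folder counts show which directories need restoring from backup, and the SHA256 value lets you check a candidate with your antimalware vendor before pressing Shift+Delete.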

In non-techie terms:

BadNews Ransomware is a recently created file-encrypting malicious threat. The damage this infection might do to your data depends on how well you were prepared for the situation. For instance, if you have any copies of the encrypted files, you can easily recover the enciphered data. However, before connecting removable storage devices with copies or accessing remote cloud storage, it would be a good idea to secure the system by eliminating the infection first. To erase it manually, you should delete the threat’s malicious data as shown in the instructions above. Nevertheless, if the task seems too complicated, users can get rid of the malware with a reliable antimalware tool too.