How to remove Banhu Ransomware and decrypt .banhu files

What is Banhu Ransomware

Banhu (板胡, pinyin: bǎnhú – is a Chinese traditional bowed string instrument in the huqin family of instruments) – it is a cryptovirus from Phobos ransomware family that has become most active in recent weeks. Apparently, this is aimed at English-speaking users, however, judging by the reviews, it has already spread throughout the world. The main principle of Banhu is that it encrypts user files of various formats, including multimedia files, photos, videos, archives, office documents, and much more. Also, it makes these files unsuitable for further use. Like many other analogs, it uses special AES algorithms. Banhu comes by taking advantage of the weakness of the network settings. Banhu may take the form of a false update for programs and applications installed on your system, or it may come as an attachment to a spam mailing list. If you want to prevent such threats from entering, you need to use antivirus software. Moreover, be attentive to what you download from the Internet. If you have already found that Banhu ransomware has encrypted your files, then use our instructions to remove it.
The virus creates a special text file, which contains detailed information about the methods of redemption. Below we provide an image of this note.

decrypt .Banhu files

All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail gooddecrypt@airmail.cc
Write this ID in the title of your message 1E857D00-2422
Our operator is available in the messenger Telegram: @gooddecrypt
DO NOT GIVE THIS EMAUL TO 3RD PARTIES
To write to us use the mail gmail.com, if you use other mails, your messages may not be received due to spam.
in your message indicate:
1. your country
2. ip address of your server
3. volume of encrypted information in gigabytes
4. number of infected servers
5. send us 1-2 files
the total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

The note does not contain much information. It simply indicates that the virus has encrypted your files. If based on user feedback, fraudsters may require about several hundred dollars for decryption. Of course, we do not recommend you pay anything. There is no guarantee that intruders will really decrypt your files. You need to read our instructions, which we have provided below, to try to remove Banhu ransomware right now and decrypt your files.

Well, there are 2 options for solving this problem. The first is to use an automatic removal utility that will remove the threat and all instances related to it. Moreover, it will save you time. Or you can use the Manual Removal Guide, but you should know that it might be very difficult to remove Banhu ransomware manually without a specialist’s help.

If for any reason you need to recover deleted or lost files, then check out our article Top 5 Deleted File Recovery Software

Banhu Removal Guide

Warning alert
Remember that you need to remove Banhu Ransomware first and foremost to prevent further encryption of your files before the state of your data becomes totally useless. And only after that, you can start recovering your files. Removal must be performed according to the following steps:

  1. Download Banhu Removal Tool.
  2. Remove Banhu from Windows (7, 8, 8.1, Vista, XP, 10) or Mac OS (Run system in Safe Mode).
  3. Restore .Banhu files
  4. How to protect PC from future infections.

How to remove Banhu ransomware automatically:

Get Malwarebytes

Malwarebytes antivirus may help you to get rid of this virus and clean up your system. In case you need a proper and reliable antivirus, we recommend you to try it.

If you’re Mac user – use this.

Manual Banhu ransomware Removal Guide

Here are step-by-step instructions to remove Banhu from Windows and Mac computers. Follow these steps carefully and remove files and folders belonging to Banhu. First of all, you need to run the system in a Safe Mode. Then find and remove needed files and folders.

Uninstall Banhu from Windows or Mac

Here you may find the list of confirmed related to the ransomware files and registry keys. You should delete them in order to remove virus, however it would be easier to do it with our automatic removal tool. The list:

no information

Windows 7/Vista:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to Banhu by using Removal Tool;
  5. Delete found files;

Windows 8/8.1:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to Banhu by using Removal Tool;
  5. Delete found files;

Windows 10:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to Banhu by using Removal Tool;
  5. Delete found files;

Windows XP:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to Banhu by using Removal Tool;
  5. Delete found files;

Mac OS:

  1. Restart the computer;
  2. Press and Hold Shift button, before system will be loaded;
  3. Release Shift button, when Apple Banhuo appears;
  4. Find programs or files potentially related to Banhu by using Removal Tool;
  5. Delete found files;

How to restore encrypted files

You can try to restore your files with special tools. You may find more detailed info on data recovery software in this article – recovery software. These programs may help you to restore files that were infected and encrypted by ransomware.

Restore data with Stellar Data Recovery

Stellar Data Recovery is able to find and restore different types of encrypted files, including removed emails.

  1. Download and install Stellar Data Recovery
  2. Choose drives and folders with your data, then press Scan.
  3. Select all the files in a folder, then click on Restore button.
  4. Manage export location. That’s it!
Download Stellar Data Recovery

 

Restore encrypted files using Recuva

There is an alternative program, that may help you to recover files – Recuva.

  1. Run the Recuva;
  2. Follow instructions and wait until scan process ends;
  3. Find needed files, select them and Press Recover button;

How to prevent ransomware infection?

It is always rewarding to prevent ransomware infection because of the consequences it may bring. There are a lot of difficulties in resolving issues with encoders viruses, that’s why it is very vital to keep a proper and reliable anti-ransomware software on your computer. In case you don’t have any, here you may find some of the best offers in order to protect your PC from disastrous viruses.

Malwarebytes

Get Malwarebytes

Malwarebytes is a reliable antivirus application, that is able to protect your PC and prevent the infection from the start. The program is designed to be user-friendly and multi-functional.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *