Home Malware Programs Ransomware Banhu Ransomware

Banhu Ransomware

Posted: December 24, 2020

Ransomware operators' activity always picks up pace around Christmas when many people are likely to spend more time on their personal computers. While preventing such threats from causing damage is easily achievable by investing in up-to-date anti-malware software, many users continue to be reluctant to secure their computers. They are the group prone to Banhu Ransomware's attacks. This new file-locker has been created by using the source code of the threatening Phobos Ransomware, and, unfortunately, it is not decryptable with free software. The Banhu Ransomware authors claim that they own a working decryption utility, which can only be obtained by agreeing to pay a hefty ransom fee.

The Banhu Ransomware attack is meant to cause damage to important files like documents, media, backups, archives and others. After it locks a file, the Banhu Ransomware will append a new extension to locked files – it uses the pattern '.id[<VICTIM ID>].[gooddecrypt@airmail.cc].banhu.' After the Banhu Ransomware is finished with this task, it spawns a ransom message in a new window called 'encrypted.' It contains a message, which urges the victim to pay a Bitcoin ransom fee and to contact the attackers via the email gooddecrypt@airmail.cc. The criminals also can be contacted via the Telegram handle @gooddecrypt. Last but not least, they offer to decrypt 1-2 files for free so that their victims will have proof that the decryptor works.

Co-operating with cybercriminals is never a good idea, and Banhu Ransomware's authors are not an exception. Even if you agree to fulfill their demands, they may try to tactic you by ignoring your messages or even by asking you to pay more and more money.

If your device has been compromised by the Banhu Ransomware, we suggest that you run an anti-malware scanner immediately. This will stop the file-locker and prevent it from damaging new files. After you do this, you can start restoring files from a backup or to use other data recovery software.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Banhu Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.