What is Bisquilla ransomware? And how does it execute its attack?
Bisquilla ransomware is a new file-encrypting malware that’s been discovered recently. This new ransomware threat, however, does not really encrypt files in a computer. It is only capable of modifying system settings and fooling users to believe that their files are encrypted when they’re actually not. According to security researchers, this threat was found to be spreading as a fake Google Chrome updater and informs potential victims via a black window message.
The instant its payload file is dropped in a computer, it will quickly modify the settings in the system so that it can manipulate and monitor all the activities. It also modifies the settings in the browser where it will display a black window that contains the following message:
“Please relax and enjoy a warm cup of tea while I encrypt your files.
Do not turn off your computer, this can corrupt your files.
File Encryption Completed
As you can see on its ransom note, it tells users not to turn off their computers so that the files won’t get corrupted. Do not believe any of its words as it’s only bluffing and is only trying to make you believe that your files are encrypted. The best way to deal with threats of this kind is to eliminate them as fast as you can as its creators might decide to update it.
How is the payload file of Bisquilla ransomware disseminated over the web?
Like already pointed out, the payload file of Bisquilla ransomware is a fake Google Chrome Updater. You can come across such malicious file in third party and unknown sites that may offer free software packages or free software updates. Thus, you need to be careful in what you download online and make sure that when you do, that it’s from a reliable source.
Eliminate Bisquilla ransomware by following the removal guide prepared below.
Step 1: Close the browser that displays the ransom note of Bisquilla ransomware as well as any opened programs. If you find it hard to do so, you can close it via Task Manager. Just tap Ctrl + Shift + Esc keys to launch the Task Manager.
Step 2: Next, go to the Processes tab and look for the malicious processes of Bisquilla ransomware and then right click on it and select End Process or End Task.
Step 3: Close the Task Manager and restart your computer and put it into Safe Mode with Networking.
Step 4: Once your computer has restarted, open Control Panel by tapping the Windows key + R, then type in “appwiz.cpl” and then click OK or press Enter.
Step 5: Look for dubious programs that might by related to Bisquilla ransomware and then Uninstall it/them.
Step 6: Close Control Panel and then tap Win + E to launch File Explorer.
Step 7: After opening File Explorer, navigate to the following directories below and look for Bisquilla ransomware’s malicious components such as BisquillaRansomware.exe, [random].exe and other suspicious-looking files and then erase them all.
Step 8: Close the File Explorer and reset all your browsers to default.
- Open Firefox and click the icon that looks like a three stacked lines located at the top-right section of the browser.
- Next, select the question mark icon from the drop-down menu.
- Then select “Troubleshooting information” from the slide-out menu.
- After that, click on the “Reset Firefox” button located at the top-right section of the newly opened web page.
- Now select “Reset Firefox” in the confirmation pop-up window that appears.
- Open Google Chrome, then tap the Alt + F keys.
- After that, click on Settings.
- Next, scroll down until you see the Advanced option, once you see it, click on it.
- After clicking the Advanced option, go to the “Restore and clean up option and click on the “Restore settings to their original defaults” option to reset Google Chrome.
- Now restart Google Chrome.
- Launch Internet Explorer.
- Next, click the wrench icon for Settings.
- Then click Internet Options.
- After that, go to the Advanced tab.
- From there, click the Reset button. This will reset Internet Explorer’s settings to their default condition.
- Now click OK to save the changes made.
Before you proceed to the next steps below, make sure that you are tech savvy enough to the point where you know exactly how to use and navigate your computer’s Registry. Keep in mind that any changes you make will highly impact your computer. To save you the trouble and time, you can just use [product-name], this system tool is proven to be safe and excellent enough that hackers won’t be able to hack into it. But if you can manage Windows Registry well, then by all means go on to the next steps.
Step 9: Tap Win + R to open Run and then type in regedit in the field and tap enter to pull up Windows Registry.
Step 10: Navigate to the listed paths below and look for the registry keys and sub-keys created by Bisquilla ransomware.
- HKEY_CURRENT_USER\Control Panel\Desktop\
- HKEY_USERS\.DEFAULT\Control Panel\Desktop\
Step 11: Delete the registry keys and sub-keys created by Bisquilla ransomware.
Step 12: Close the Registry Editor.
Step 13: Empty your Recycle Bin.
Try to recover your encrypted files using their Shadow Volume copies
Restoring your encrypted files using Windows’ Previous Versions feature will only be effective if Bisquilla ransomware hasn’t deleted the shadow copies of your files. But still, this is one of the best and free methods there is, so it’s definitely worth a shot.
To restore the encrypted file, right-click on it and select Properties, a new window will pop-up, then proceed to Previous Versions. It will load the file’s previous version before it was modified. After it loads, select any of the previous versions displayed on the list like the one in the illustration below. And then click the Restore button.
Once you’re done executing the steps given above, you need to continue the removal process of Bisquilla ransomware using a reliable program like [product-name]. How? Follow the advanced removal steps below.
- Turn on your computer. If it’s already on, you have to reboot it.
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load the Safe Mode with Networking.
- Press and hold both R key and Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in the URL address, [product-url] in the Run dialog box and then tap Enter or click OK.
- After that, it will download the program. Wait for the download to finish and then open the launcher to install the program.
- Once the installation process is completed, run [product-code] to perform a full system scan.
- After the scan is completed click the “Fix, Clean & Optimize Now” button.