Delete Bufas

May 16, 2019

What is Bufas

Bufas is a ransomware-type virus that was first discovered in mid-May 2019 by security researcher Michael Gillespie. The cybercriminals behind this threat are focusing on money extortion by locking user files with .Bufas file extension (typically AES encryption is used in STOP/Djvu family, although researchers also spotted some variants using different ciphers) and demanding ransom to be paid for the decryption tool.

The size of the ransom is $980, although crooks also offer a discount of 50% if they are contacted via, or @datarestore Telegram account within 72 hours after the initial infection. Victims affected by Bufas ransomware can see this information compiled in a text document _readme.txt, which is populated into each of the affected data folders.

Delete Bufas

While it is true that Bufas virus is currently not decryptable, paying the ransom is not recommended by security experts, as hackers might fail to provide the decryptor. Instead, victims should focus on Bufas ransomware removal and alternative decryption methods that we provide below.

Download Removal Toolto remove Bufas

Bufas virus authors use common ransomware distribution methods, such as spam emails, exploits, torrent or other file-sharing sites, fake Windows updates, etc. However, researchers spotted that many of STOP versions, including Kroput, Kropun, Promok, and others, were distributed on crack and pirated software sites, such as Crackithubcom or kmspico10com.

Additionally, some of the variants also carried AZORult trojan payload which can steam financial and other sensitive information from the host computer. Although it is yet unknown if this version has a secondary payload, it is vital to remove Bufas ransomware immediately.

While cybercriminals offer a 50% discount if contacted within 72 hours, experts recommend staying away from the culprits – there is simply no guarantee that they will send the decryptor needed to unlock personal files. Additionally, paying the ransom will only encourage threat actors to develop the virus further and infect more victims around the world.

Currently, there is no official decryptor would recover your files locked by Bufas ransomware. However, STOPDecrypter might work if the encryption process was performed offline. Additionally, third-party recovery software might be a great tool to get at least some of your data back.

But before that, you need to terminate Bufas virus, along with any secondary infections that might be present on your computer. For that, enter Safe Mode with Networking and use reputable anti-malware software to scan your device. After that, we recommend scanning the PC with to restore infected Windows system files.

How does Bufas works

As we already mentioned, many of the STOP variants were distribution on sites that host pirated/repacked software or its cracks. Therefore, it would be wise staying away from such websites altogether. Nevertheless, if you are willing to risk it (also, be aware that pirating software is illegal and might result in financial penalties), you should always scan the executables with anti-virus software or Virus Total engines. However, most of the crack tools will be flagged as malicious simply because if how they work, regardless if they will infect your computer or not.

Download Removal Toolto remove Bufas

Employ powerful anti-malware software and enable Firewall; Keep all your applications, along with the operating system, updated with the latest security patches; Be very careful with spam emails – especially those that include attachments or hyperlinks; Before opening an email from an unknown source, first make sure it is legit (be aware that email spoofing might make sender address look legitimate); Use an ad-blocker app (do not forget to add exclusions on sites you want to support); Use strong passwords for all your accounts and enable two-factor authentication where possible; Turn off RDP when not using it and also adequately protect it with a strong password.

How to delete Bufas

Please do NOT attempt to recover your files until a full Bufas ransomware removal is complete. To do that, you should access Safe Mode with Networking and then perform a full system scan with anti-malware software, such as Combo Cleaner or Anti-Malware . Be aware that new variants of STOP malware might not be detected by all AV vendors, so scan with multiple programs might be necessary to terminate Bufas virus altogether.

After you remove Bufas ransomware, you can then attempt to recover your files. If you had backups ready, now is the time to connect your external device or copy your data from remote storage. If you did not have backups prepared (most users don’T, although they should), you could try third-party software or a decryptor developed by security experts. You will find all the instructions below.

Stage 1: Delete Browser Extension

First of all, we would recommend that you check your browser extensions and remove any that are linked to Bufas. A lot of adware and other unwanted programs use browser extensions in order to hijacker internet applications.

Remove Bufas Extension from Google Chrome

  1. Launch Google Chrome.
  2. In the address bar, type: chrome://extensions/ and press Enter.
  3. Look for Bufas or anything related to it, and once you find it, press ‘Remove’.

Uninstall Bufas Extension from Firefox

  1. Launch Mozilla Firefox.
  2. In the address bar, type: about:addons and press Enter.
  3. From the menu on the left, choose Extensions.
  4. Look for Bufas or anything related to it, and once you find it, press ‘Remove’.

Delete Bufas Extension from Safari

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Select Preferences from the list.
  4. Choose the Extensions tab.
  5. Look for Bufas or anything related to it, and once you find it, press ‘Uninstall’.
  6. Additionally, open Safari Settings again and choose Downloads.
  7. If Bufas.safariextz appears on the list, select it and press ‘Clear’.

Remove Bufas Add-ons from Internet Explorer

  1. Launch Internet Explorer.
  2. From the menu at the top, select Tools and then press Manage add-ons.
  3. Look for Bufas or anything related to it, and once you find it, press ‘Remove’.
  4. Reopen Internet Explorer.In the unlikely scenario that Bufas is still on your browser, follow the additional instructions below.
  5. Press Windows Key + R, type appwiz.cpl and press Enter
  6. The Program and Features window will open where you should be able to find the Bufas program.
  7. Select Bufas or any other recently installed unwanted entry and press ‘Uninstall/Change’.

Alternative method to clear the browser from Bufas

There may be cases when adware or PUPs cannot be removed by simply deleting extensions or codes. In those situations, it is necessary to reset the browser to default configuration. In you notice that even after getting rid of weird extensions the infection is still present, follow the below instructions.

Use Chrome Clean Up Tool to Delete Bufas

  1. Launch Google Chrome.
  2. In the address box, type: chrome://settings/ and press Enter.
  3. Expand Advanced settings, which you can find by scrolling down.
  4. Scroll down until you see Reset and Cleanup.
  5. Press on Clean up computer. Then press Find.

This Google Chrome feature is supposed to clear the computer of any harmful software. If it does not detect Bufas, go back to the Clean up computer and reset settings.

Reset Mozilla Firefox to Default

If you still find Bufas in your Mozilla Firefox browser, you should be able to get rid of it by restoring your Firefox settings to default. While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

  1. Launch Mozilla Firefox
  2. Into the address box, type: about:support and press Enter.
  3. You will be redirected to a Troubleshooting Information page.
  4. From the menu on the right side, select Refresh Firefox.
  5. Confirm your choice by clicking Refresh Firefox in the new window.
  6. Your browser will close automatically in order to successfully restore the settings.
  7. Press Finish.

Reset Safari Browser to Normal Settings

Download Removal Toolto remove Bufas
  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Press Reset Safari.
  4. A new window will appear. Select the boxes of what you want to reset or use the screenshot below to guide you. Once you have selected everything, press ‘Reset’.
  5. Restart Safari.

Restore Internet Explorer to Default Settings

  1. Launch Internet Explorer.
  2. From the top menu, press on Tools and then Internet Options.
  3. In the new window that opens, choose the Advanced tab.
  4. At the bottom of the window, below Reset Internet settings, there will be a ‘Reset’ button. Press that.

While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

Leave a Reply

Your email address will not be published. Required fields are marked *