
Sunday, October 25, 2015

Remove .breaking_bad Extension Virus and Restore Encrypted Files

You know as well as I do that when you spend time online, whether for work or for play, the chances of being caught out by a phishing scam, or of being infected by ransomware which encrypts your files and changes file extensions to .breaking_bad, are greatly increased. It's a sad fact of modern life that we are under constant threat from people who want to do us harm, steal or corrupt our data, or empty our bank accounts. Unfortunately, installing some anti-virus software and then sitting back and assuming it will keep you secure is simply not enough. Besides, the majority of people install an anti-virus tool when they first buy their computer and then rarely give it a second thought. How out of date is YOUR anti-virus software?

Business is seriously good in the cyber crime industry, and the criminals who program and distribute viruses and malware are continually thinking up new and increasingly innovative ways to scam us out of our money or do us harm. It stands to reason that you should do everything you can to avoid becoming a victim by staying one step ahead of the latest threats. So without further ado, here we are going to take a look at a serious danger to internet users: ransomware.

What is ".breaking_bad" ransomware?

It is a thoroughly nasty piece of software and definitely something you want to learn about and avoid at all costs. In the most basic terms, it has been designed to con you out of your money. It does this by kidnapping the files that you have stored on your PC and holding them hostage until you pay a ransom for their release. It's a method of extortion that is as old as the hills, but adapted to harm a whole new generation of computer users.

But how does a cyber criminal hold your files hostage, you may be wondering. Once you have been infected by this ransomware, the program encrypts your data so that you can no longer access it, and all your files end with the .breaking_bad extension. Allegedly, once you have paid the ransom to get your files back, you will be sent a code that enables you to decrypt them and restore them to their former state. This ransom virus leaves a text file on your computer with the following information:

Ваши файлы были зашифрованы.
Чтобы расшифровать их, Вам необходимо отправить код:
на электронный адрес или
Далее вы получите все необходимые инструкции.
Попытки расшифровать самостоятельно не приведут ни к чему, кроме безвозвратной потери информации.

All the important files on your computer were encrypted.
To decrypt the files you should send the following code:
to e-mail address or
Then you will receive all necessary instructions.
All the attempts of decryption by yourself will result only in irrevocable loss of your data.

The ransom text is written in Russian and English. To receive further instructions on how to get your files back you need to send your unique code to or

That's annoying and potentially expensive, but my data is worth any amount of money!

Not so fast: there is absolutely no guarantee that a) you will be sent a decryption tool or b) if you are, that the tool will work. Let us not forget that these are hardened cyber criminals we are dealing with here, not benevolent kidnappers. The likelihood is that they will simply take your money and run, leaving you out of pocket and no closer to getting your files back.

How to get my files back?

If you have a recent backup, wipe your hard disk and reinstall your files. If you don't, try the Shadow Explorer and Recuva programs or search your computer for previous versions of files. If you are lucky enough, you may find files that were not encrypted and renamed to .breaking_bad. But before restoring your files, please remove the ransomware and related malware files from your computer. To do so, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur,

Step 1: Removing .breaking_bad extension ransomware and related malware:

Before restoring your files from shadow copies, make sure the ransomware is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove any detected malware.

Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again. If you don't know how to do that, please watch this video.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.

Step 2: Restoring files encrypted by .breaking_bad ransom virus:

Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note: this tool is available for Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop-down list you can select one of the available point-in-time Shadow Copies. Select the drive and the latest date that you wish to restore from.

3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.

Hopefully, this will help you to restore all encrypted files or at least some of them.
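
Before exporting anything from a backup or shadow copy, it helps to know exactly which files were renamed and which were left alone. The following read-only inventory script is an added example, not part of the original guide or of any tool it mentions; it assumes the ransomware appended .breaking_bad to the original file name, and the sample folder tree it builds is constructed for the demonstration.

```python
import os
import tempfile
from collections import defaultdict

EXT = ".breaking_bad"  # extension named in this article


def inventory(root):
    """Walk root and split files into renamed (encrypted) and untouched."""
    encrypted, intact = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            (encrypted if name.lower().endswith(EXT) else intact).append(path)
    return sorted(encrypted), sorted(intact)


def restore_list(encrypted):
    """Per folder, the original names to look for in a backup or shadow copy.

    Assumption: the extension was appended to the original file name.
    """
    wanted = defaultdict(list)
    for path in encrypted:
        folder, name = os.path.split(path)
        wanted[folder].append(name[: -len(EXT)])
    return dict(wanted)


def build_sample_tree(root):
    """Constructed sample data: two renamed files and one untouched file."""
    for rel in ("Documents/report.docx" + EXT,
                "Pictures/cat.jpg" + EXT,
                "Pictures/notes.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        enc, ok = inventory(tmp)
        print(f"{len(enc)} renamed, {len(ok)} untouched")
        for folder, names in restore_list(enc).items():
            print(folder, "->", ", ".join(names))
```

To use it on a real machine, call inventory() on the folder you want to check (for example your user profile) after completing Step 1; the script only reads directory listings and never modifies files.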