BIXI Virus Ransomware (.BIXI Files)

by Brendan Smith
September 12, 2024

The Bixi virus belongs with the ransomware type of malicious agent. Malware of such sort encrypts all the data on your computer (photos, text files, excel sheets, music, videos, etc) and adds its extra extension to every file, creating the !_INFO.txt text files in every directory with the encrypted files.

What is known about the Bixi virus?

Bixi will append its specific .bixi extension to every file’s title. For example, an image entitled “photo.jpg” will be altered to “photo.jpg.bixi”. Just like the Excel sheet with the name “table.xlsx” will become “table.xlsx.bixi”, and so on.

In every directory with the encoded files, a !_INFO.txt text file will be found. It is a ransom money note. It contains information on the ways of paying the ransom and some other remarks. The ransom note most probably contains a description of how to buy the decryption tool from the Bixi developers. You can obtain this tool after contacting [email protected], [email protected] by email. That is how they do it.

Bixi Summary:

Name Bixi Virus
Extension .bixi
Ransomware note !_INFO.txt
Contact [email protected], [email protected]
Detection Trojan:Win32/Tnega!MSR Removal, Win32:Adware-DNA [Adw] Virus Removal, Win32:Secat [Trj] Virus Removal
Symptoms Your files (photos, videos, documents) get a .bixi extension and you can’t open them.
Fix Tool See If Your System Has Been Affected by Bixi virus

The !_INFO.txt file accompanying the Bixi malware states the following:

ATTENTION! YOUR FILES WERE ENCRYPTED!
Don’t worry, your files are safe, provided that you are willing to pay the ransom.
- Don\'t rename encrypted files.
- Don\'t change encrypted files.
- Don\'t use third party software.
It will damage your files, you will lost any chance to recover it.
The only way to decrypt your files safely is to buy the special decryption software from us.
We can decrypt a couple of files as guarantee. The size of each file must be not more than 2Mb.
No database files for test.
Send pictures, text, doc files.
You can contact us with the following email


[email protected]
[email protected]

Send us this ID or this !_INFO.txt in first email

In the screenshot below, you can see what a folder with files encrypted by the Bixi looks like. Each filename has the “.bixi” extension added to it.

Bixi Virus - encrypted .bixi files

An example of encrypted .bixi files.

How did my machine catch Bixi ransomware?

There are plenty of possible ways of ransomware infiltration.

There are currently three most popular ways for hackers to have ransomware acting in your system. These are email spam, Trojan infiltration and peer-to-peer networks.

  • If you access your inbox and see letters that look just like notifications from utility services providers, postal agencies like FedEx, Internet providers, and whatnot, but whose addresser is unknown to you, beware of opening those emails. They are most likely to have a viral item attached to them. Thus it is even more dangerous to download any attachments that come with letters like these.
  • Another option for ransom hunters is a Trojan virus model. A Trojan is an object that infiltrates into your machine disguised as something different. For instance, you download an installer for some program you want or an update for some software. However, what is unpacked reveals itself a harmful agent that encrypts your data. Since the update file can have any title and any icon, you have to make sure that you can trust the resource of the files you’re downloading. The optimal way is to use the software companies’ official websites.
  • As for the peer networks like BitTorrent or eMule, the threat is that they are even more trust-based than the rest of the Web. You can never guess what you download until you get it. Our suggestion is that you use trustworthy websites. Also, it is a good idea to scan the folder containing the downloaded objects with the antivirus as soon as the downloading is complete.

How to remove ransomware?

It is important to note that besides encrypting your files, the Bixi virus will probably install Vidar Stealer on your machine to seize your credentials to various accounts (including cryptocurrency wallets). The mentioned program can derive your credentials from your browser’s auto-filling cardfile.

How to avert ransomware infiltration?

Bixi ransomware doesn’t have a superpower, neither does any similar malware.

You can defend your system from its injection taking several easy steps:

  • Ignore any letters from unknown senders with unknown addresses, or with content that has nothing to do with something you are expecting (how can you win in a lottery without participating in it?). If the email subject is more or less something you are expecting, check all elements of the suspicious letter carefully. A hoax email will surely have mistakes.
  • Do not use cracked or unknown software. Trojan viruses are often distributed as a part of cracked software, possibly under the guise of “patch” preventing the license check. Understandably, untrusted programs are difficult to distinguish from trustworthy software, as trojans may also have the functionality you need. You can try searching for information about this program on the anti-malware message boards, but the optimal way is not to use such programs at all.

FAQ

🤔 How can I open “.bixi” files?Are the “.bixi” files accessible?

Negative. That is why ransomware is so frustrating. Until you decode the “.bixi” files you will not be able to access them.

🤔 The encrypted files are very important to me. How can I decrypt them quickly?

If the “.bixi” files contain some really important information, then you probably have them backed up. Otherwise, you might try to employ System Restore. The only question is whether you have saved any Restore Points that would be helpful now. There are other ways to beat ransomware, but they take time.

🤔 What to do if the Bixi malware has blocked my PC and I can’t get the activation key.

🤔 And what should I do now?

Some of the blocked files can be located elsewhere.

  • If you sent or received your important files by email, you could still download them from your online mail server.
  • You may have shared images or videos with your friends or family members. Simply ask them to post those pictures back to you.
  • If you have initially downloaded any of your files from the Internet, you can try doing it again.
  • Your messengers, social networks pages, and cloud disks might have all those files too.
  • It might be that you still have the needed files on your old computer, a notebook, phone, flash memory, etc.

HINT: You can employ data recovery programs1 to get your lost data back since ransomware encrypts the copies of your files, removing the original ones. In the video below, you can see how to use PhotoRec for such a recovery, but remember: you can do it only after you remove the ransomware itself with an anti-malware program.

I need your help to share this article.

It is your turn to help other people. I have written this article to help users like you. You can use the buttons below to share this on your favorite social media Facebook, Twitter, or Reddit.
Brendan Smith

References

  1. Here are Top 10 Data Recovery Software Of 2024.

About the author

Brendan Smith

Cybersecurity analyst covering malware families, suspicious files, and detection alerts. Brendan focuses on clear explanations of what a warning means, when it may be a false positive, and which cleanup steps are appropriate.

View all posts

Leave a Comment