The Databankasi virus is a ransomware-type malicious agent. Malware of this type encrypts all of the user’s data on the PC (images, text files, Excel sheets, music, videos, etc.) and adds its specific extension to every file, leaving a —BILGILENDIRME—-NOTU—.txt text file in each folder that contains encrypted files.
What is Databankasi virus?
☝️ Strictly speaking, Databankasi is “a ransomware infection”.
Databankasi appends its specific .databankasi extension to the name of each encrypted file. For example, an image named “photo.jpg” becomes “photo.jpg.databankasi”. Likewise, an Excel file named “table.xlsx” becomes “table.xlsx.databankasi”, and so on.
In every directory containing encrypted files, a —BILGILENDIRME—-NOTU—.txt text document will appear. It is the ransom note. It explains how to contact the racketeers and gives some other information. The ransom note usually contains a description of how to purchase the decryption tool from the attackers. According to the note, the decryption software is obtained by contacting databankasi@mail.ru or databankasi@techmail.info by email. That is how they do it.
Databankasi abstract:
Name | Databankasi Virus |
Extension | .databankasi |
Ransomware note | —BILGILENDIRME—-NOTU—.txt |
Contact | databankasi@mail.ru, databankasi@techmail.info |
Detection | UDS:Trojan.Win32.Packed, Win32:Vundo-QB [Trj], BScope.TrojanDownloader.Ajent |
Symptoms | Your files (photos, videos, documents) get a .databankasi extension and you can’t open them. |
The —BILGILENDIRME—-NOTU—.txt file that comes with the Databankasi malware provides the following discouraging information:
######################## In General ########################

The data on your system has been encrypted by us.... We want you to know that you will not be able to get your data back with the known data recovery methods... Your recovery efforts are your right, however... if you respond late, the time you spend on recovery will work against you; also bear in mind that late responses always come back to you as an extra charge. Trying to bring back or recover the data through data recovery companies or similar means will certainly be nothing but a loss of time and money for you, but the choice is yours.

1-) Lately there have been many cases on the market where payment was made and the data was not unlocked. The people who experience this are mostly those who resort to tricks in order to pay less... (We do our job professionally: we take the payment and hand over the data. We never fail to unlock data that has been paid for....) I wrote this explanation to convey that I expect you to be clear and honest when you reply by mail. Remember, a clear and honest approach will make things easier for you. As for trust, I can give as a reference a company that I previously encrypted and whose data I unlocked, or, if you wish, we can decrypt a sample file....

2-) Again, you are free to go to any data recovery company you like. Many of them work with hackers, but I do not work with them. I also want you to know that I demand an extra fee for the data of customers who go to data recovery companies....

3-) To avoid the problems I mentioned above, do not write to us from fake mail accounts; we do not reply. No mail that comes from anything other than a company mail address is answered.

4-) I do not know you, so we are not out to hold bad feelings toward you or to do you harm. We see our work as trade: we take our money and hand over the data. We earn an income from this work in an entirely professional manner.

After your payment, I send the Decrypter (the program for decrypting the encrypted files) so that your data is restored to its previous state as soon as possible... If you want to get your data back, please send a mail together with your reference code below by 11:00. If you nevertheless want to try data recovery companies, your own recovery attempts or programs, please do not work on the original files; copy them somewhere and experiment on the copies. Otherwise you are responsible for any files that get damaged.

######################## Things to Keep in Mind When You Contact Me ########################

1-) Do not bargain over the amount we offer you; it is not taken into account, and if you insist we add an extra charge. In short, you are not the only one: we handle dozens of jobs every day and have no time to spare for bargaining.

2-) Likewise, do not ask for a discount or the like with claims such as "we have a backup from an hour ago" or "we have a backup from a week ago". If that is the case, restore your backup and carry on. Such situations are no grounds for a discount and are absolutely not open to negotiation.

3-) Something we see a lot: instead of contacting us, you get in touch with people here and there who say "I will recover your data", and then come to us last, a few days later, without having found a solution. This will work against you; bear in mind that delays will be reflected to you as extra cost. Another thing we often encounter: many data recovery people reach us with the information they got from you, we give them the price we would have given you, and they add their margin on top and pass it on to you :) We absolutely do not negotiate with, hand over data to, or unlock data for anyone other than an authorized representative of the company or institution.. Again, if you come to us after such attempts, we want you to know that your fee will be above the amount I ask for.

4-) If you come on time, clearly and honestly, not with empty requests such as emotional appeals but like a true professional, we will show you the necessary care and complete our trade professionally without upsetting one another. Apart from that, do not ask for a discount with excuses, financial reasons and similar requests; we absolutely do not take such reasons into account. We do not run our business on emotions, and with our 10 years of experience we no longer give any credit to such situations...

5-) When contacting us, do not send mail from anything other than a company mail address; we disregard it. The reason is that many data recovery companies and scammers who claim to decrypt data open fake mail accounts with the information they get from you (especially via YouTube), reach us, take money from you and then disappear. For this reason we reply only to messages that come from company mail addresses or from addresses we are sure belong to you. Finally, even if you go to data recovery people, they too request the data from us; they have no role beyond acting as a kind of intermediary, and lately this has become a vehicle for fraud. Contacting us directly, with a clear and professional approach, makes it possible for your case to be resolved very quickly, even within the same day.

=> YOUR REFERENCE CODE <= -

=> OUR MAIL ADDRESS <= databankasi@mail.ru databankasi@mail.ru

Our backup email address (in case you get no answer from the one above) databankasi@techmail.info

######################## This Section Is a Special Note for Data Recovery Companies ########################

For years you made money off our backs and presented data you did not recover as if you were recovering it. From now on I work with none of you... Do not open fake mail accounts and contact me; if I catch you, if I find out, I will expose you to the companies.
In a folder with files encrypted by Databankasi, each filename has the ".databankasi" extension appended to it.
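To scope the damage before any cleanup or restore, the two artefacts described above (the appended extension and the per-folder note) can be inventoried without touching the files. The following is an added example, not part of the original article or of any vendor tool; the function names, the sample tree and the choice to match the note only on the word BILGILENDIRME are assumptions made here.

```python
import os
import tempfile
from collections import Counter

ENC_EXT = ".databankasi"       # extension named on this page
NOTE_MARKER = "BILGILENDIRME"  # assumption: match the note on this word only,
                               # since the dashes in its name may differ on disk

def triage(root):
    """Read-only inventory of Databankasi artefacts under root."""
    encrypted, notes, by_type, dirs = [], [], Counter(), {}
    for dirpath, _subdirs, files in os.walk(root):
        count, has_note = 0, False
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENC_EXT):
                count += 1
                encrypted.append(path)
                # photo.jpg.databankasi -> original type ".jpg"
                original = name[:-len(ENC_EXT)]
                by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
            elif NOTE_MARKER in name.upper() and name.lower().endswith(".txt"):
                has_note = True
                notes.append(path)
        if count or has_note:
            dirs[dirpath] = {"encrypted": count, "note": has_note}
    # Assuming the malware did not reset timestamps, modification times
    # bracket when encryption ran; a backup or restore point older than
    # the first value predates the damage.
    mtimes = [os.path.getmtime(p) for p in encrypted]
    window = (min(mtimes), max(mtimes)) if mtimes else None
    return {"encrypted": encrypted, "notes": notes, "by_type": by_type,
            "dirs": dirs, "window": window}

def make_sample(root):
    """Constructed sample tree (empty files, made-up names) for the demo."""
    layout = {
        "Pictures": ["photo.jpg.databankasi", "BILGILENDIRME-NOTU.txt"],
        "Docs": ["table.xlsx.databankasi", "report.DOCX.DATABANKASI", "new.txt"],
        "Clean": ["untouched.pdf"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(make_sample(tmp))
        print(len(result["encrypted"]), "encrypted files in", len(result["dirs"]), "folders")
        print("by original type:", dict(result["by_type"]))
        for d, info in result["dirs"].items():
            print(os.path.relpath(d, tmp), info)
```

Run it against a mounted copy or image of the affected drive rather than the live system, and keep the resulting list with the incident record.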
How did Databankasi ransomware end up on my PC?
Ransomware can reach a system in many ways.
Currently, the three most popular ways for criminals to plant ransomware in your system are email spam, Trojans, and peer-to-peer networks.
If you open your inbox and see letters that look like familiar notifications from utility companies, delivery agencies like FedEx, Internet providers, and whatnot, but whose sender is unfamiliar to you, beware of opening those letters. They are very likely to have a harmful file enclosed in them. Therefore, it is even more dangerous to download any attachments that come with letters like these.
Another option for ransom hunters is the Trojan file model [1]. A Trojan is a program that gets into your PC pretending to be something legitimate. For example, you download an installer for some program you need or an update for some software. However, what gets unpacked turns out to be a harmful program that corrupts your data. Since the installation file can have any name and any icon, you'd better be sure that you can trust the source of the things you're downloading. The optimal way is to use the software developers' official websites.
As for the peer-to-peer networks like BitTorrent or eMule, the threat is that they are even more trust-based than the rest of the Internet. You can never guess what you download until you get it. Our suggestion is that you use trustworthy resources. Also, it is a good idea to scan the folder containing the downloaded items with the antivirus as soon as the downloading is finished.
How to remove the Databankasi virus?
It is crucial to note that besides encrypting your data, the Databankasi virus will most likely install the Azorult spyware on your machine to get access to credentials for different accounts (including cryptocurrency wallets). That program can extract your logins and passwords from your browser's stored auto-fill data.
Criminals often decrypt several of your files to prove that they indeed have the decryption tool. Since the Databankasi virus is a relatively recent ransomware, security researchers have not yet found a method to undo its work. However, anti-ransomware tools are constantly upgraded, so a solution may soon arrive.
Understandably, if the hackers manage to encrypt a victim's essential data, the desperate person will most likely fulfill their demands. Nevertheless, paying the racketeers does not necessarily mean that you're getting your blocked information back. It is still risky. After getting the ransom, the racketeers may send a wrong decryption key to the victim. There were reports about malefactors simply vanishing after getting the ransom without even writing back.
The best countermeasure to ransomware is to have a system restore point or the copies of your critical files in the cloud storage or at least on an external drive. Of course, that might be insufficient. Your most important thing could be that one you were working on when it all started. But at least it is something. It is also reasonable to scan your drives with the antivirus program after the OS is rolled back.
Databankasi is not the only ransomware of its kind, since there are other specimens of ransomware out there that act in the same manner. For instance, Eewt, Ofoq, Aawt, and some others. The two major differences between them and the Databankasi are the ransom amount and the method of encryption. The rest is almost identical: documents become inaccessible, their extensions altered, ransom notes are created in every folder containing encoded files.
Some lucky people were able to decrypt the blocked files with the aid of free tools provided by anti-malware specialists. Sometimes the criminals accidentally send the decryption key to the victims in the ransom readme. Such an extraordinary failure allows the injured party to restore the files. But naturally, one should never expect such a chance. Remember, ransomware is a bandits' tool to pull money out of their victims.
How do I avoid ransomware infection?
Databankasi ransomware has no superpowers, and neither does any similar malware.
You can protect your PC from ransomware infiltration by taking several easy steps:
- Never open any emails from unknown senders with unknown addresses, or with content that has likely no connection to something you are expecting (how can you win in a money prize draw without participating in it?). In case the email subject is more or less something you are expecting, scrutinize all elements of the dubious letter with caution. A fake email will surely contain mistakes.
- Avoid using cracked or untrusted software. Trojan viruses are often distributed as a part of cracked software, most likely as a “patch” which prevents the license check. But dubious programs are difficult to tell from trustworthy ones, because trojans sometimes have the functionality you need. You can try to find information about this software product on the anti-malware forums, but the optimal solution is not to use such software.
- And to be sure about the safety of the files you downloaded, check them with GridinSoft Anti-Malware. This software will be a perfect armor for your PC.
Reasons why I would recommend GridinSoft [2]
There is no better way to recognize, remove and prevent ransomware than to use anti-malware software from GridinSoft [3].
Download Removal Tool.
You can download GridinSoft Anti-Malware by clicking the button below:
Run the setup file.
When the setup file has finished downloading, double-click on the setup-antimalware-fix.exe file to install GridinSoft Anti-Malware on your PC.
A User Account Control prompt will ask whether to allow GridinSoft Anti-Malware to make changes to your device. Click “Yes” to continue with the installation.
Press "Install" button.
Once installed, Anti-Malware will automatically run.
Wait for the Anti-Malware scan to complete.
GridinSoft Anti-Malware will automatically start scanning your PC for Databankasi infections and other malicious programs. This process can take 20-30 minutes, so I suggest you periodically check on the status of the scan process.
Click on "Clean Now".
When the scan has finished, you will see the list of infections that GridinSoft Anti-Malware has detected. To remove them, click on the “Clean Now” button in the right corner.
FAQ
🤔 How can I open ".databankasi" files? Is it possible to open ".databankasi" files?
Unfortunately, no. You need to decipher the ".databankasi" files first. Then you will be able to open them.
🤔 The encrypted files are very important to me. How can I decrypt them quickly?
If the “.databankasi” files contain some really important information, then you probably have them backed up. If not, there is still a function of System Restore but it needs a Restore Point to be previously saved. All other solutions require time.
🤔 Will GridinSoft Anti-Malware remove all the encrypted files alongside the Databankasi virus?
No way! The encrypted files are not harmful, so they won't be deleted.
With the help of GridinSoft Anti-Malware, you can clean your computer of the actual threats. The virus that has infiltrated your system is most likely still functional and it scans your system from time to time to encrypt any new files you might create on your PC after the attack. As mentioned above, the Databankasi ransomware does not come alone. It installs backdoors and keyloggers that can steal your account passwords and provide malefactors with easy access to your computer after some time.
🤔 What to do if the Databankasi virus has blocked my PC and I can't get the activation code?
In such a case, you need to have a flash memory card with a previously installed Trojan Killer. Use Safe Mode to perform the cleaning. The point is that the ransomware starts automatically as the system boots and encodes any new files created or brought into your PC. To stop this function - use Safe Mode, which allows only the vital programs to run upon system start. Consider reading our manual on running Windows in Safe Mode.
🤔 What can I do right now?
Many of the encrypted files might still be at your disposal:
- If you sent or received your critical files by email, you could still download them from your online mailbox.
- You might have shared photographs or videos with your friends or relatives. Just ask them to post those images back to you.
- If you have initially downloaded any of your files from the Internet, you can try downloading them again.
- Your messengers, social networks pages, and cloud drives might have all those files as well.
- Maybe you still have the needed files on your old computer, a laptop, phone, flash memory, etc.
HINT: You can use file recovery programs [4] to get your lost data back since ransomware encodes the copies of your files, removing the authentic ones. In the tutorial below, you can see how to use PhotoRec for such a restoration, but remember: you can do it only after you eradicate the ransomware itself with an antivirus program.
Also, you can contact the following official fraud and scam sites to report this attack:
- In the United States: On Guard Online;
- In Canada: Canadian Anti-Fraud Centre;
- In the United Kingdom: Action Fraud;
- In Australia: SCAMwatch;
- In New Zealand: Consumer Affairs Scams;
- In France: Agence nationale de la sécurité des systèmes d’information;
- In Germany: Bundesamt für Sicherheit in der Informationstechnik;
- In Ireland: An Garda Síochána;
To report the attack, you can contact local law enforcement. For instance, if you live in the USA, you can talk to your local FBI field office, IC3 or the Secret Service.
Brendan Smith
How to Remove DATABANKASI Ransomware & Recover PC
Name: DATABANKASI Virus
Description: DATABANKASI Virus is a ransomware-type infection. This virus encrypts important personal files (video, photos, documents). The encrypted files can be tracked by a specific .databankasi extension. So, you can't use them at all.
Operating System: Windows
Application Category: Virus
References
1. You can read more on Trojans, their use and types in the Trojan-dedicated section of GridinSoft official website.
2. GridinSoft Anti-Malware Review from HowToFix site: https://howtofix.guide/gridinsoft-anti-malware/
3. More information about GridinSoft products: https://gridinsoft.com/comparison
4. Here's the list of Top 10 Data Recovery Software Of 2023.