Badday Ransomware

Badday Ransomware Description

Nowadays, file-encrypting Trojans are one of the most prevalent threats online claiming new victims daily. They are often viewed as a way to make a quick buck and are not overly complicated to build, as long as the cyber crooks borrow most of the code from already existing ransomware threats.

Propagation and Encryption

One of the most recently detected data-locking Trojans is the Badday Ransomware. As its name suggests, you will likely have quite the bad day if you fall victim to this nasty Trojan. When malware researchers dissected the Badday Ransomware, they found out that it's a variant of the GlobeImposter 2.0 Ransomware. It is not disclosed what infection vectors are employed in the propagation of the Badday Ransomware. Some researchers believe that fake pirated variants of popular applications, alongside mass spam email campaigns, and bogus software updates may be some of the propagation methods used in the spreading of this file-locking Trojan. As soon as the Badday Ransomware infiltrates a host, it will run a scan to locate all the files, which it was configured to target. Ransomware threats usually go after all the popular file types to ensure maximum damage. This means that files such as images, songs, videos, films, documents, and presentations are all likely to be locked by the Badday Ransomware. When the files of interested are located, the Badday Ransomware will trigger its encryption process. This threat will apply an encryption algorithm to lock all the targeted data. When the Badday Ransomware locks a file, it appends a new extension to it – '.badday.' For example, if you had an audio file named 'aged-gold.mp3', the Badday Ransomware will change its name to 'aged-gold.mp3.badday.'

The Ransom Note

Next, the Badday Ransomware drops a ransom note on the user's desktop. The note is called 'how_to_back_files.html,' and it states:



To restore files you will need a decryptor!.
To get the decryptor you should:
Pay for decrypt your network - 12 BTC :
Buy BTC on one of these sites
Send 12 BTC for decrypt
Send screenshot of payment to or In the letter include your personal ID (look at the beginning of this document).


Only our team can decrypt your files.
No Payment = No decryption!
You really get decryptor after payment. As a guarantee you can send 1 test image or text file on our email (In letter include your personal ID)
Do not attempt to remove program or run any anti-virus tools! This doesn't help 🙂
Decoders of other users are not compatible with your data, because each infected computer have unique encryption key!!!
Attempts to self-decrypting files will result in the loss of your data.’

In the note, the attackers ask for the mind-numbing sum of 12 Bitcoin, which is $99,000 approximately. They also demand that the victim contacts them via email to receive further instructions – ‘' and ‘' In the ransom message, the attackers state that 'YOUR CORPORATE NETWORK IS LOCKED' so that this combined with the sky-high ransom fee makes researchers believe that the Badday Ransomware is meant to target large companies and not regular users.

You should keep your distance when it comes to dealings with cyber crooks. They do not tend to be the most trustworthy of individuals, and even if someone pays up this insanely high ransom fee, the attackers will likely never deliver on their end of the deal. A safer approach in this situation is to use a reputable anti-virus solution to remove the Badday Ransomware safely from your computer.

Do You Suspect Your PC May Be Infected with Badday Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Badday Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.