Bin Ransomware

Also Known As: Bin virus
Distribution: Low
Damage level: Severe

Bin ransomware removal instructions

What is Bin?

Bin is a ransomware-type program and one variant of the Scarab ransomware family. Its developers use it to encrypt data (files stored on victims' computers) and to blackmail people by demanding ransom payments in return for access to the files. The ransom message (which is in Russian) can be found in a text file called "Instructions.TXT". Bin modifies the name of each encrypted name by adding an additional ".bin" extension. For instance, "1.jpg" becomes "1.jpg.bin".

Judging by the Russian used in the message, this ransomware naturally targets people who speak or read this language. In any case, cyber criminals urge victims to contact them via the bin420@cock.li email address. According to them, all documents, photos, databases, and other important files have been encrypted. They encourage people with computers infected by Bin to contact them immediately, since they threaten to delete 24 files after each 24 hours has elapsed, and the cost of decryption is increased by 30% percent. The cost will stop increasing only after 72 hours. The cost of decryption is not stated, however, this can be increased up to three times. To receive decryption tools, Bin's victims must send emails to the address above. The email must include the assigned ID. These cyber criminals offer victims free decryption of two files as 'proof' that they have a tool that can decrypt the files. Note, however, people must first pay for it. All instructions about how to make payments are provided when Bin's developers are contacted and victims provide their unique IDs. The criminals promise to send a decryption tool as soon as they receive the money (in a cryptocurrency). Additionally, the cyber criminals who developed Bin warn victims not to run any anti-virus tools or attempt to decrypt files. They state that any attempts to do so will result in data loss. We advise that you do not contact Bin's developers (or other ransomware developers) or pay any ransoms. Typically, cyber criminals ignore victims and provide no decryption tools, even if their demands are met. Most criminals who develop ransomware-type programs use cryptography algorithms that cannot be 'cracked' without their involvement. Therefore, decryption is not possible without using tools that only cyber criminals can provide. There is no free way to decrypt files, unless a data backup was created prior to encryption. If you do have a backup, use it to restore all data.

Screenshot of a message encouraging users to pay a ransom to decrypt their compromised data:

Bin decrypt instructions

The number of ransomware-type programs is growing daily. Some other examples include Aqva, SEED LOCKER, and Cekisan. Most have similar behavior. These programs usually encrypt data/files and display ransom demand messages. Any differences are cost of decryption and algorithm used for encryption. Most of these programs encrypt data so that it cannot be decrypted without using specific decryption tools. Therefore, decryption without the involvement of cyber criminals is impossible. Decryption might only be possible in cases when ransomware-type programs are still in development or are not fully developed, have bugs, or other flaws. The best way to prevent possible data loss is to maintain regular data backups and store them on unplugged storage devices or remote servers.

How did ransomware infect my computer?

There are various methods used to distribute Bin ransomware, however, these computer infections are usually proliferated using Trojans, spam campaigns (emails), third party software download sources, fake software updaters and software cracking tools. Trojans are malicious programs that cause chain infections. Therefore, if a Trojan installed, it is possible that it will cause other infections such as Bin. Spam campaigns are used by cyber criminals (scammers) who send emails that contain malicious attachments. These attachments (executables, archive files, MS office documents, JavaScript files, etc.), download and install malware when opened. Third party download sources such as Peer-to-Peer networks (torrents, eMule and other tools of this type), freeware download websites, free file hosting websites and so on, can be used to present malicious executable (.exe) or other files as legitimate. By opening these files, users install malware and other infections. Fake software updaters usually infect systems by exploiting outdated software bugs/flaws or by downloading malicious programs rather than the promised/expected updates. Software cracking tools supposedly allow users to bypass activation of software or operating systems free of charge, however, cyber criminals often employ these tools to proliferate their malicious programs. In summary, using these tools often installs malware rather than bypassing any paid software activation.

Threat Summary:
NameBin virus
Threat TypeRansomware, Crypto Virus, Files locker
SymptomsCan't open files stored on your computer, previously functional files now have a different extension, for example my.docx.locked. A ransom demanding message is displayed on your desktop. Cyber criminals are asking to pay a ransom (usually in bitcoins) to unlock your files.
Distribution methodsInfected email attachments (macros), torrent websites, malicious ads.
DamageAll files are encrypted and cannot be opened without paying a ransom. Additional password stealing trojans and malware infections can be installed together with a ransomware infection.
Removal

To eliminate Bin virus our malware researchers recommend scanning your computer with Spyhunter.
▼ Download Spyhunter
Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Spyhunter.

How to protect yourself from ransomware infections?

Browse the internet, download, install, and update software with care to stay safe from computer infections. Do not open email attachments without making sure that it is safe to do so. If an email is received from an unknown/suspicious address and seems irrelevant, ignore it and leave the attachments or links unopened. Download software using official, trustworthy sources and direct links. Avoid third party software installers, downloaders, unofficial websites, and other earlier channels. Furthermore, do not use third party (unofficial) software updaters. Software should be updated using implemented functions or tools provided by the official developers. Note that using software cracking tools is a cyber crime. Furthermore, these tools often are the reason behind many computer infections. Finally, have a reputable anti-spyware/anti-virus software installed and keep it enabled and updated. If your computer is already infected with Bin, we recommend running a scan with Spyhunter for Windows to automatically eliminate this ransomware.

Text presented in Bin ransomware text file "Instructions.TXT":

Напишите на почту - bin420@cock.li
====================================================================================================

ВАШИ ФАЙЛЫ ЗАШИФРОВАНЫ!

Ваш личный идентификатор -

Ваши документы, фотографии, базы данных и другие важные файлы были зашифрованы.
Каждые 24 часа удаляются 24 файла, необходимо прислать свой идентификатор чтоб мы отключили эту функцию.
Каждые 24 часа стоимость расшифровки данных увеличивается на 30% (через 72 часа сумма фиксируется)

Для расшифровки данных:

Напишите на почту - bin420@cock.li

*В письме указать Ваш личный идентификатор
*Прикрепите 2 файла до 1 мб для тестовой расшифровки.
мы их расшифруем, в качестве доказательства, что ТОЛЬКО МЫ можем их расшифровать.

-Чем быстрее вы сообщите нам свой идентификатор, тем быстрее мы выключим произвольное удаление файлов.
-Написав нам на почту вы получите дальнейшие инструкции по оплате.

В ответном письме Вы получите программу для расшифровки.
После запуска программы-дешифровщика все Ваши файлы будут восстановлены.

Мы гарантируем:
100% успешное восстановление всех ваших файлов
100% гарантию соответствия
100% целостность файлов

Внимание!
* Не пытайтесь удалить программу или запускать антивирусные средства
* Попытки самостоятельной расшифровки файлов приведут к потере Ваших данных
* Дешифраторы других пользователей несовместимы с Вашими данными, так как у каждого пользователя
уникальный ключ шифрования
====================================================================================================

Ваш личный идентификатор -

Screenshot of files encrypted by Bin (".bin" extension):

Files encrypted by Bin

Bin ransomware removal:

Instant automatic removal of Bin virus: Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Spyhunter is a professional automatic malware removal tool that is recommended to get rid of Bin virus. Download it by clicking the button below:
▼ DOWNLOAD Spyhunter By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Spyhunter.

Quick menu:

Step 1

Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, and then select Safe Mode with Networking from the list.

Safe Mode with Networking

Video showing how to start Windows 7 in "Safe Mode with Networking":

Windows 8 users: Start Windows 8 is Safe Mode with Networking - Go to Windows 8 Start Screen, type Advanced, in the search results select Settings. Click Advanced startup options, in the opened "General PC Settings" window, select Advanced startup. Click the "Restart now" button. Your computer will now restart into the "Advanced Startup options menu". Click the "Troubleshoot" button, and then click the "Advanced options" button. In the advanced option screen, click "Startup settings". Click the "Restart" button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode with Networking.

Windows 8 Safe Mode with networking

Video showing how to start Windows 8 in "Safe Mode with Networking":

Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu click "Restart" while holding "Shift" button on your keyboard. In the "choose an option" window click on the "Troubleshoot", next select "Advanced options". In the advanced options menu select "Startup Settings" and click on the "Restart" button. In the following window you should click the "F5" button on your keyboard. This will restart your operating system in safe mode with networking.

windows 10 safe mode with networking

Video showing how to start Windows 10 in "Safe Mode with Networking":

Step 2

Log in to the account infected with the Bin virus. Start your Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.

If you cannot start your computer in Safe Mode with Networking, try performing a System Restore.

Video showing how to remove ransomware virus using "Safe Mode with Command Prompt" and "System Restore":

1. During your computer start process, press the F8 key on your keyboard multiple times until the Windows Advanced Options menu appears, and then select Safe Mode with Command Prompt from the list and press ENTER.

Boot your computer in Safe Mode with Command Prompt

2. When Command Prompt mode loads, enter the following line: cd restore and press ENTER.

system restore using command prompt type cd restore

3. Next, type this line: rstrui.exe and press ENTER.

system restore using command prompt rstrui.exe

4. In the opened window, click "Next".

restore system files and settings

5. Select one of the available Restore Points and click "Next" (this will restore your computer system to an earlier time and date, prior to the Bin ransomware virus infiltrating your PC).

select a restore point

6. In the opened window, click "Yes".

run system restore

7. After restoring your computer to a previous date, download and scan your PC with recommended malware removal software to eliminate any remaining Bin ransomware files.

To restore individual files encrypted by this ransomware, try using Windows Previous Versions feature. This method is only effective if the System Restore function was enabled on an infected operating system. Note that some variants of Bin are known to remove Shadow Volume Copies of the files, so this method may not work on all computers.

To restore a file, right-click over it, go into Properties, and select the Previous Versions tab. If the relevant file has a Restore Point, select it and click the "Restore" button.

Restoring files encrypted by CryptoDefense

If you cannot start your computer in Safe Mode with Networking (or with Command Prompt), boot your computer using a rescue disk. Some variants of ransomware disable Safe Mode making its removal complicated. For this step, you require access to another computer.

To regain control of the files encrypted by Bin, you can also try using a program called Shadow Explorer. More information on how to use this program is available here.

shadow explorer screenshot

To protect your computer from file encryption ransomware such as this, use reputable antivirus and anti-spyware programs. As an extra protection method, you can use programs called HitmanPro.Alert and EasySync CryptoMonitor, which artificially implant group policy objects into the registry to block rogue programs such as Bin ransomware.

Note that the Windows 10 Fall Creators Update includes a "Controlled Folder Access" feature that blocks ransomware attempts to encrypt your files. By default, this feature automatically protects files stored in the Documents, Pictures, Videos, Music, Favorites as well as Desktop folders.

Controll Folder Access

Windows 10 users should install this update to protect their data from ransomware attacks. Here is more information on how to get this update and add an additional protection layer from ransomware infections.

HitmanPro.Alert CryptoGuard - detects encryption of files and neutralises any attempts without need for user-intervention:

hitmanproalert ransomware prevention application

Malwarebytes Anti-Ransomware Beta uses advanced proactive technology that monitors ransomware activity and terminates it immediately - before reaching users' files:

malwarebytes anti-ransomware

  • The best way to avoid damage from ransomware infections is to maintain regular up-to-date backups. More information on online backup solutions and data recovery software Here.

Other tools known to remove Bin ransomware: