BackMydata Ransomware


BackMydata is a harmful program of the Phobos family that blocks important user data for ransom. As soon as it infects the computer, the BackMydata Ransomware virus starts an encryption process that eventually makes the targeted files inaccessible. Malware attacks of this kind are commonplace nowadays, and every day thousands of users fall victim to Ransomware infections like BackMydata. Usually, viruses of this type don’t get noticed during the file encryption process because of their typical lack of symptoms. Sometimes, the more observant users may spot an increase in the amount of system resources being used, because the encryption requires a lot of RAM and CPU. This symptom is more apparent on less powerful computers, where the spike in CPU and RAM use is likely to cause a system slowdown. However, even in those cases, the user is unlikely to realize right away that they have been attacked by Ransomware: a slowdown is very common and could be caused by many different issues, as well as by regular system processes that aren’t harmful. Therefore, in almost all cases, once Ransomware attacks, it is almost guaranteed to successfully finish its job of locking up the user’s files.

Files encrypted by BackMydata virus ransomware (.BackMydata extension)

The BackMydata virus

The BackMydata virus is a dangerous piece of computer malware that extorts ransom money from its victims by blocking their important data. The BackMydata virus blocks the files using encryption and generates a special decryption key on the hackers’ server. This key is offered to the victims of the Ransomware as soon as the encryption is completed. A note displayed on the infected computer’s Desktop informs the user about what has occurred on their computer and about the payment they are required to make in order to obtain the access key for their files. Some may think that paying the money is the optimal solution in such a situation, and some may simply not have the money needed to complete the payment. In either case, however, paying doesn’t really guarantee anything as far as the future of the files is concerned. Not every ransom payment is “rewarded” with a decryption key, and many users have been deceived by Ransomware hackers and persuaded into sending their money without being given an access key afterwards. Due to this, we suggest that you check out the free alternatives that we will give you in our removal guide and give them a try before you do anything else.

BackMydata virus ransomware text file (info.txt)

Text in this ransom note and the “info.txt” file:

Your network is hacked and files are encrypted.
Including the encrypted data we also downloaded other confidential information:
Data of your employees, customers, partners, as well as accounting and
other internal documentation of your company.
All data is stored until you will pay.
After payment we will provide you the programs for decryption and we will delete your data
We dont want did something bad to your company, it is just bussines  (Our reputation is our money!)
If you refuse to negotiate with us (for any reason) all your data will be put up for sale.
What you will face if your data gets on the black market:
1) The personal information of your employees and customers may be used to obtain a loan or
purchases in online stores.
2) You may be sued by clients of your company for leaking information that was confidential.
3) After other hackers obtain personal data about your employees, social engineering will be
applied to your company and subsequent attacks will only intensify.
4) Bank details and passports can be used to create bank accounts and online wallets through
which criminal money will be laundered.
5) You will forever lose the reputation.
6) You will be subject to huge fines from the government.
You can learn more about liability for data loss here:
Courts, fines and the inability to use important files will lead you to huge losses.
The consequences of this will be irreversible for you.
Contacting the police will not save you from these consequences, and lost data,
 will only make your situation worse.
IF YOU WILL CONTACT US IN FIRST 6 hours , and we close our deal in 24 hours , PRICE WILL BE ONLY 30%.
(time is money for both of us , if you will take care about our time , we will do same , we will care of price and decryption process will be done VERY FAST)
You can get out of this situation with minimal losses (Our reputation is our money!) !!!
To do this you must strictly observe the following rules:
DO NOT Modify, DO NOT rename, DO NOT copy, DO NOT move any files.
Such actions may DAMAGE them and decryption will be impossible.
DO NOT use any third party or public decryption software, it may also DAMAGE files.
DO NOT Shutdown or Reboot the system this may DAMAGE files.
DO NOT hire any third party negotiators (recovery/police, etc.)
You need to contact us as soon as possible and start negotiations.
You can send us 1-2 small data not value files for test , we will decrypt it and send it to you back.
After payment we need no more that 2 hours to decrypt all of your data. We will be support you untill fully decryption going to be done! ! !
(Our reputation is our money!)
Instructions for contacting our team:
Download the (Session) messenger (hxxps:// in messenger 05947063ab6603c0e3a12db53d93d23634081c56390ff2084d11977820f78ce877
MAIL:[email protected]

The .BackMydata file extension

The .BackMydata file extension is a special sequence of letters added to each file’s name in order to make the file unrecognizable to normal programs. The .BackMydata file extension is unique to this virus and can only be removed through decryption. However, there may be some methods that could allow you to get some of your data back and deal with the virus extension without necessarily needing the decryption key. You will learn more about those options from our guide, which we now advise you to explore and complete.



Remove BackMydata Ransomware


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    After you open their folder, end the processes that are infected, then delete their folders. 

    Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.



    Hold the Start Key and R, then copy and paste the following and click OK:

    notepad %windir%/system32/Drivers/etc/hosts

    A new file will open. If you are hacked, there will be a bunch of other IPs listed at the bottom of the file.


    If there are suspicious IPs below “Localhost” – write to us in the comments.

    Type msconfig in the search field and hit Enter. A window will pop up.



    Go to the Startup tab and uncheck entries that have “Unknown” as Manufacturer.

    • Please note that ransomware may even attach a fake Manufacturer name to its process. Make sure that every process listed here is legitimate.


    Type Regedit in the Windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s name.

    Search for the ransomware in your registry and delete the entries. Be extremely careful: you can damage your system if you delete entries not related to the ransomware.

    Type each of the following in the Windows Search Field:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Delete everything in Temp. In the rest, just check for anything recently added. Remember to leave us a comment if you run into any trouble!
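The manual checks above (hosts file, startup entries, recently added files) can be gathered in one read-only pass before anything is deleted. The PowerShell below is an added example, not part of the original guide; the 7-day window, the extension list and the New-Finding helper are assumptions chosen for illustration.

```powershell
# Read-only triage: nothing here deletes or modifies anything.
# $Days is an assumed look-back window for "recently added" files.
$Days   = 7
$Cutoff = (Get-Date).AddDays(-$Days)
$Exts   = '.exe', '.dll', '.scr', '.bat', '.cmd', '.ps1', '.vbs', '.js', '.hta'

# Hypothetical helper so every check reports in the same shape.
function New-Finding($Check, $Item, $Detail) {
    [pscustomobject]@{ Check = $Check; Item = $Item; Detail = $Detail }
}

$findings = & {
    # hosts file: every active (uncommented) entry except the localhost mappings.
    # A loopback mapping for any other hostname is still reported.
    $hostsPath = Join-Path $env:WinDir 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hostsPath |
        ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
        Where-Object { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' } |
        ForEach-Object { New-Finding 'hosts' $_ $hostsPath }

    # Startup entries registered in Run keys and Startup folders.
    Get-CimInstance -ClassName Win32_StartupCommand |
        ForEach-Object { New-Finding 'startup' $_.Command "$($_.Location) [$($_.User)]" }

    # Recently created executables and scripts in the folders the guide names.
    # The user's %Temp% normally sits under %LocalAppData% and is covered there.
    $roots = @(
        @{ Path = $env:APPDATA;      Recurse = $true  }
        @{ Path = $env:LOCALAPPDATA; Recurse = $true  }
        @{ Path = $env:ProgramData;  Recurse = $true  }
        @{ Path = $env:WinDir;       Recurse = $false }   # top level only; the tree is large
    )
    foreach ($r in $roots) {
        Get-ChildItem -LiteralPath $r.Path -File -Force -Recurse:($r.Recurse) -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -ge $Cutoff -and $Exts -contains $_.Extension.ToLower() } |
            ForEach-Object {
                # Signature status is context, not a verdict: unsigned files can be benign.
                $sig = (Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue).Status
                New-Finding 'recent file' $_.FullName ('created {0:s}; signature {1}' -f $_.CreationTime, $sig)
            }
    }
}

$findings | Sort-Object Check | Format-Table -AutoSize -Wrap
```

Treat the output as a list of items to inspect and scan, not as a list of items to delete.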



    How to Decrypt BackMydata files

    We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

    If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


    About the author


    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.
