Menu
New BitCrypt ransomware variant distributed by bitcoin stealing malware

New BitCrypt ransomware variant distributed by bitcoin stealing malware

Victims are asked to make bitcoin payments to recover encrypted files after their bitcoin wallets might have already been emptied

A new variant of a malicious program called BitCrypt that encrypts files and asks victims for bitcoin payments is being distributed by a computer Trojan that first pilfers bitcoin wallets.

BitCrypt is part of a growing category of malicious programs known collectively as ransomware that attempt to extort money from victims by locking their files or computers.

One of the first variants of BitCrypt appeared in February and its development was likely inspired the success of a similar program called Cryptolocker that infected more than 250,000 computers in the last three months of 2013 alone.

Like Cryptolocker, once installed on a system, BitCrypt encrypts a large range of files, from documents and pictures to archives, application development and database files. Victims stand to lose access not just to personal files, but also work projects, if they have no external backups.

While the first variant of BitCrypt claimed to be using relatively strong RSA-1024 encryption, security researchers from Airbus Defence and Space found flaws in the implementation that allowed them to create a program to decrypt affected files.

However, according to security researchers from antivirus vendor Trend Micro, an improved version of the malware appeared this month and is likely designed for wide distribution. The new version appends a .bitcrypt2 extension to encrypted files and can display its ransom note in 10 different languages: English, French, German, Russian, Italian, Spanish, Portuguese, Japanese, Chinese and Arabic.

When this variant infects a computer it changes the desktop wallpaper to a picture that reads "Your computer was infected by BitCrypt v2.0 cryptovirus" and points the victim to a file called Bitcrypt.txt for additional instructions, the Trend Micro researchers said Monday in a blog post.

The text file contains information on how to access a specific website hidden on the Tor anonymity network in order to obtain a special decryption program that's unique for every infection. The website asks users for their unique infection ID and a payment of 0.4 bitcoins -- around US$230 at current exchange rates -- in order to obtain the decryption tool.

In a somewhat ironic twist, the Trend Micro researchers also found that the new BitCrypt variant is being distributed by a Trojan program called FAREIT that steals bitcoins, among other data.

FAREIT searches and attempts to extract information from wallet.dat (Bitcoin), electrum.dat (Electrum) and .wallet (MultiBit) files, the researchers said. These files are created and used by different Bitcoin client applications.

To avoid becoming a ransomware victim and being forced to pay to regain access to important files, it's essential to back up data regularly; preferably not on the same computer or a shared network drive, because the malware could affect those backups as well.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags online safetytrend microsecurityspywaredata protectionmalwarefraud

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments