Menu
New BitCrypt ransomware variant distributed by bitcoin stealing malware

New BitCrypt ransomware variant distributed by bitcoin stealing malware

Victims are asked to make bitcoin payments to recover encrypted files after their bitcoin wallets might have already been emptied

A new variant of a malicious program called BitCrypt that encrypts files and asks victims for bitcoin payments is being distributed by a computer Trojan that first pilfers bitcoin wallets.

BitCrypt is part of a growing category of malicious programs known collectively as ransomware that attempt to extort money from victims by locking their files or computers.

One of the first variants of BitCrypt appeared in February and its development was likely inspired the success of a similar program called Cryptolocker that infected more than 250,000 computers in the last three months of 2013 alone.

Like Cryptolocker, once installed on a system, BitCrypt encrypts a large range of files, from documents and pictures to archives, application development and database files. Victims stand to lose access not just to personal files, but also work projects, if they have no external backups.

While the first variant of BitCrypt claimed to be using relatively strong RSA-1024 encryption, security researchers from Airbus Defence and Space found flaws in the implementation that allowed them to create a program to decrypt affected files.

However, according to security researchers from antivirus vendor Trend Micro, an improved version of the malware appeared this month and is likely designed for wide distribution. The new version appends a .bitcrypt2 extension to encrypted files and can display its ransom note in 10 different languages: English, French, German, Russian, Italian, Spanish, Portuguese, Japanese, Chinese and Arabic.

When this variant infects a computer it changes the desktop wallpaper to a picture that reads "Your computer was infected by BitCrypt v2.0 cryptovirus" and points the victim to a file called Bitcrypt.txt for additional instructions, the Trend Micro researchers said Monday in a blog post.

The text file contains information on how to access a specific website hidden on the Tor anonymity network in order to obtain a special decryption program that's unique for every infection. The website asks users for their unique infection ID and a payment of 0.4 bitcoins -- around US$230 at current exchange rates -- in order to obtain the decryption tool.

In a somewhat ironic twist, the Trend Micro researchers also found that the new BitCrypt variant is being distributed by a Trojan program called FAREIT that steals bitcoins, among other data.

FAREIT searches and attempts to extract information from wallet.dat (Bitcoin), electrum.dat (Electrum) and .wallet (MultiBit) files, the researchers said. These files are created and used by different Bitcoin client applications.

To avoid becoming a ransomware victim and being forced to pay to regain access to important files, it's essential to back up data regularly; preferably not on the same computer or a shared network drive, because the malware could affect those backups as well.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags fraudmalwaredata protectionspywareonline safetytrend micro

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.​

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments