Menu
New BitCrypt ransomware variant distributed by bitcoin stealing malware

New BitCrypt ransomware variant distributed by bitcoin stealing malware

Victims are asked to make bitcoin payments to recover encrypted files after their bitcoin wallets might have already been emptied

A new variant of a malicious program called BitCrypt that encrypts files and asks victims for bitcoin payments is being distributed by a computer Trojan that first pilfers bitcoin wallets.

BitCrypt is part of a growing category of malicious programs known collectively as ransomware that attempt to extort money from victims by locking their files or computers.

One of the first variants of BitCrypt appeared in February and its development was likely inspired the success of a similar program called Cryptolocker that infected more than 250,000 computers in the last three months of 2013 alone.

Like Cryptolocker, once installed on a system, BitCrypt encrypts a large range of files, from documents and pictures to archives, application development and database files. Victims stand to lose access not just to personal files, but also work projects, if they have no external backups.

While the first variant of BitCrypt claimed to be using relatively strong RSA-1024 encryption, security researchers from Airbus Defence and Space found flaws in the implementation that allowed them to create a program to decrypt affected files.

However, according to security researchers from antivirus vendor Trend Micro, an improved version of the malware appeared this month and is likely designed for wide distribution. The new version appends a .bitcrypt2 extension to encrypted files and can display its ransom note in 10 different languages: English, French, German, Russian, Italian, Spanish, Portuguese, Japanese, Chinese and Arabic.

When this variant infects a computer it changes the desktop wallpaper to a picture that reads "Your computer was infected by BitCrypt v2.0 cryptovirus" and points the victim to a file called Bitcrypt.txt for additional instructions, the Trend Micro researchers said Monday in a blog post.

The text file contains information on how to access a specific website hidden on the Tor anonymity network in order to obtain a special decryption program that's unique for every infection. The website asks users for their unique infection ID and a payment of 0.4 bitcoins -- around US$230 at current exchange rates -- in order to obtain the decryption tool.

In a somewhat ironic twist, the Trend Micro researchers also found that the new BitCrypt variant is being distributed by a Trojan program called FAREIT that steals bitcoins, among other data.

FAREIT searches and attempts to extract information from wallet.dat (Bitcoin), electrum.dat (Electrum) and .wallet (MultiBit) files, the researchers said. These files are created and used by different Bitcoin client applications.

To avoid becoming a ransomware victim and being forced to pay to regain access to important files, it's essential to back up data regularly; preferably not on the same computer or a shared network drive, because the malware could affect those backups as well.


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags online safetytrend microsecurityspywaredata protectionmalwarefraud

Featured

Slideshows

Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
HP re-imagines education through Auckland event launch

HP re-imagines education through Auckland event launch

HP New Zealand held an inaugural Evolve Education event at Aotea Centre in Auckland, welcoming over 70 principals, teachers and education experts to explore ways of shaping and enhancing learning using technology.

HP re-imagines education through Auckland event launch
Show Comments