Avast Releases BTCWare Ransomware Decryptor Tool


CrAKeN


The BTCWare decryptor can be downloaded for free

 

While the world was taken by storm by the WannaCry ransomware, there were other strains out there that were doing quite a bit of damage, including BTC ransomware. Thankfully, however, folks from Avast have come up with a decryption tool which is available for free. 

 

Paying the ransom for any malware that encrypts the files on your computer should never be done, except in dire cases. After all, every time someone pays, the attackers get the incentive to continue doing what they're doing. Victims of the BTCWare ransomware have a way out, however, as the security researchers from Avast built a free decryption tool.

 

The BTCWare ransomware began spreading a couple of months ago and thus far five variants have been spotted. You can tell them apart by the extension of the encrypted files:

 

- foobar.docx.[[email protected]].heva

- foobar.docx.[[email protected]].cryptobyte

- foobar.bmp.[[email protected]].cryptowin

- foobar.bmp.[[email protected]].btcware

- foobar.docx.onyon.

 

As Avast's security researchers note, BTCWare has been using the FileName.Extension.[Email].Ext2 scheme of naming files since it was first observed. Recently, a new variant called Onyonware was discovered, and it does not include a contact email address in the file name.

 

How does BTCWare work?


Once the ransomware infects the computer, it generates a random password which is then used to create the encryption key. The password is then encrypted with a public key and presented as a User ID in the ransom files.

 

After all files have been encrypted, the ransomware replaces the desktop wallpaper with the ransom note and leaves a note in each folder explaining how to get your files decrypted, threatening that if the attackers don't receive an email within three days, the key will be deleted and the files will no longer be decryptable.

 

Although a couple of weeks ago the master private key was made public, Avast doesn't use it because it does not work on all variants. Instead, the decryptor they built uses brute force to retrieve the password.

 

Source
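
The naming scheme described in the post can be used to scope an infection from a plain file listing: which variant hit, which files are affected, and what each file was called before encryption. The following is an added example, not code from Avast or from the article; the contact address, user name and paths in the sample listing are constructed.

```python
import ntpath
import re

# Second extensions listed in the article, one per BTCWare variant.
BTCWARE_EXTENSIONS = ("heva", "cryptobyte", "cryptowin", "btcware", "onyon")

# FileName.Extension.[contact].Ext2. The bracketed contact part is optional
# because Onyonware omits it; the trailing dot is optional because the
# article's list writes the Onyon example with one.
PATTERN = re.compile(
    r"^(?P<original>.+?)"
    r"(?:\.\[(?P<contact>[^\[\]]*)\])?"
    r"\.(?P<variant>" + "|".join(BTCWARE_EXTENSIONS) + r")\.?$",
    re.IGNORECASE,
)

def classify(name):
    """Return (original_name, variant, contact) or None for unaffected names."""
    m = PATTERN.match(name)
    if not m:
        return None
    return m.group("original"), m.group("variant").lower(), m.group("contact")

def triage(paths):
    """Group affected Windows paths by variant, keeping the original names."""
    report = {}
    for path in paths:
        hit = classify(ntpath.basename(path))
        if hit:
            original, variant, contact = hit
            report.setdefault(variant, []).append(
                {"path": path, "original": original, "contact": contact})
    return report

# Constructed sample listing (not real indicators).
SAMPLE = [
    r"C:\Users\demo\Documents\foobar.docx.[contact@example.invalid].heva",
    r"C:\Users\demo\Pictures\foobar.bmp.[contact@example.invalid].btcware",
    r"C:\Users\demo\Documents\foobar.docx.onyon",
    r"C:\Users\demo\Documents\notes.txt",
    r"C:\Users\demo\Documents\btcware-report.pdf",
]

if __name__ == "__main__":
    for variant, files in sorted(triage(SAMPLE).items()):
        print(variant, [f["original"] for f in files])
```
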
