Monday, February 10, 2025
HomeRansomwareDecryptor tool for BTC ransomware released - Avast

Decryptor tool for BTC ransomware released – Avast

Published on

SIEM as a Service

Follow Us on Google News

BTC ransomware was distributed using traditional methods embedding the malicious file in the body of the email or sending them directly as an attachment.

It doesn’t use any well-known vulnerabilities to replicate as like we saw with WannaCry and EternalRocks.

This ransomware was distributed through well know file extensions like (.doc,.jpg,.jpeg,.mp4,.PSD,.pfx,.pdf) and so on. Once it infected it will rename the file in following format FileName.Extension.[Email].Ext2.

Once entered into the system it will generate a random password(unique per machine) and with the password, an encryption key will be generated.

It will then encrypted with a public key(hardcoded in the binary) and dispense a user ID in ransom files.

The encrypted symmetric key is kept as a base64-encoded string %USERPROFILE%\Desktop\key.dat.The ransomware uses MS CryptoAPI for encrypting files.

Once the encryption process completed it will set a wallpaper on your desktop like this.

Decryptor tool for BTC ransomware

BTC Decryptor tool from Avast

Security Expert Ladislav Zezula from Avast comes up with the decryptor tool for BTC ransomware. Click here to Download BTC Decrypter.

You can use it to decrypt files from Local drives, Network drives, and Folders, we also need to upload original along with the decrypted file, both of them should match.

Decryptor tool for BTC ransomware
Decryptor tool for BTC ransomware

On could sixteenth, 2017, the master private key was revealed by BleepingComputer. But the master key was not used in the Decrypter tool.

Instead, they used brute force Methods to retrieve the passwords that used by ransomware to Encrypt the files.

Also Read

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

New ‘BYOTB’ Attack Exploits Trusted Binaries to Evade Detection, Researchers Reveal

A recent cybersecurity presentation at BSides London 2024 has unveiled a sophisticated attack technique...

SAML Bypass Authentication on GitHub Enterprise Servers to Login as Other User Account

A severe security vulnerability, tracked as CVE-2025-23369, has been identified in GitHub Enterprise Server...

NanoCore RAT Attack Windows Using Task Scheduler to Captures keystrokes, screenshots

NanoCore, a notorious Remote Access Trojan (RAT), continues to pose a significant threat to...

Hackers Exploiting Google Tag Managers to Steal Credit Card from eCommerce Sites

In a concerning development, cybercriminals are leveraging Google Tag Manager (GTM), a legitimate tool...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Cisco Data Breach – Ransomware Group Allegedly Breached Internal Network

Sensitive credentials from Cisco's internal network and domain infrastructure were reportedly made public due...

Abyss Locker Ransomware Attacking Critical Network Devices including ESXi servers

The Abyss Locker ransomware, a relatively new but highly disruptive cyber threat, has been...

Globe Life Ransomware Attack Exposes Personal and Health Data of 850,000+ Users

Globe Life Inc., a prominent insurance provider, has confirmed a major data breach that...