Tuesday, October 15, 2024
HomeRansomwareDecryptor tool for BTC ransomware released - Avast

Decryptor tool for BTC ransomware released – Avast

Published on

Malware protection

BTC ransomware was distributed using traditional methods embedding the malicious file in the body of the email or sending them directly as an attachment.

It doesn’t use any well-known vulnerabilities to replicate as like we saw with WannaCry and EternalRocks.

This ransomware was distributed through well know file extensions like (.doc,.jpg,.jpeg,.mp4,.PSD,.pfx,.pdf) and so on. Once it infected it will rename the file in following format FileName.Extension.[Email].Ext2.

- Advertisement - SIEM as a Service

Once entered into the system it will generate a random password(unique per machine) and with the password, an encryption key will be generated.

It will then encrypted with a public key(hardcoded in the binary) and dispense a user ID in ransom files.

The encrypted symmetric key is kept as a base64-encoded string %USERPROFILE%\Desktop\key.dat.The ransomware uses MS CryptoAPI for encrypting files.

Once the encryption process completed it will set a wallpaper on your desktop like this.

Decryptor tool for BTC ransomware

BTC Decryptor tool from Avast

Security Expert Ladislav Zezula from Avast comes up with the decryptor tool for BTC ransomware. Click here to Download BTC Decrypter.

You can use it to decrypt files from Local drives, Network drives, and Folders, we also need to upload original along with the decrypted file, both of them should match.

Decryptor tool for BTC ransomware
Decryptor tool for BTC ransomware

On could sixteenth, 2017, the master private key was revealed by BleepingComputer. But the master key was not used in the Decrypter tool.

Instead, they used brute force Methods to retrieve the passwords that used by ransomware to Encrypt the files.

Also Read

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on...

CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Address

Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies...

TrickMo Malware Targets Android Devices to Steal Unlock Patterns and PINs

The recent discovery of the TrickMo Banking Trojan variant by Cleafy has prompted further...

pac4j Java Framework Vulnerable to RCE Attacks

A critical security vulnerability has been discovered in the popular Java framework pac4j. The...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Dark Angels Ransomware Attacking Windows And Linux/ESXi Systems

The sophisticated ransomware group Dark Angels, active since 2022, targets large companies for substantial...

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

RansomHub Ransomware Using Multiple Techniques To Disable EDR And Antivirus

The RansomHub ransomware group tracked as Water Bakunawa, employs targeted spear-phishing to exploit the...