
1BTC Ransomware

Posted: July 15, 2019

The 1BTC Ransomware is a file-locking Trojan that blocks your digital media by encrypting the files automatically. Since its family uses a secure encryption routine, users will need backups for recovery without paying the criminal's ransom. Anti-malware tools, however, can delete the 1BTC Ransomware on sight without issues and protect your work in the process.

Trojans Spelling Out Their Asking Price in Extensions

Another variant of the quickly-reproducing Dharma Ransomware family is appearing, with an apparently-new client at its helm. This version of the Trojan conducts attacks that are little-differentiated from those of ancestors like the Aa1 Ransomware, the KICK Ransomware, the PLUT Ransomware, or the '.stun File Extension' Ransomware. Updates to the Ransomware-as-a-Service, however, imply accompanying changes in infection strategies that might make the 1BTC Ransomware's arrival harder to predict.

The 1BTC Ransomware takes its name from the extension that it appends to the names of the media it blocks, which it encrypts, as usual, with a secure AES algorithm. The string's resemblance to the negotiating account of an older member of the same family, the qbtex Ransomware, is coincidental. 'BTC' refers to Bitcoin, the cryptocurrency that most file-locker Trojans request in their ransom notes.

After locking the documents, pictures, and other media, the 1BTC Ransomware wipes the user's Shadow Volume Copies, which are the default backups that Windows creates. Then, it leaves behind either HTA or TXT ransoming messages, which ask for negotiations over a 'btcdecoding@foxmail.com' e-mail address. Victims should be aware of the risk of not getting decryption help after paying the ransom, particularly since one Bitcoin is a ten thousand USD 'investment' at current rates.
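A host-triage check for the three behaviours described above, written here as an added example (not code from this write-up or from any analyst of the Trojan): it flags files carrying the appended extension, HTA/TXT notes that name the ransom e-mail address, and process-creation log lines that delete Shadow Volume Copies. The sample file names, the log format and the vssadmin/wmic command patterns are assumptions, not details taken from the page.

```python
import re
from pathlib import PureWindowsPath

# From the write-up: the appended extension and the ransom-note e-mail address.
ENCRYPTED_SUFFIX = ".1btc"
RANSOM_EMAIL = "btcdecoding@foxmail.com"
NOTE_SUFFIXES = {".hta", ".txt"}          # note formats named in the write-up
# Common command forms that wipe Shadow Volume Copies (general Windows knowledge, assumed).
SHADOW_WIPE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\W+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\W+shadowcopy\s+delete", re.I),
]

def triage_files(paths, note_contents):
    """Split a host listing into encrypted files (by suffix) and ransom notes
    (.hta/.txt whose text, passed in note_contents, names the ransom e-mail)."""
    encrypted, notes = [], []
    for p in paths:
        suffix = PureWindowsPath(p).suffix.lower()
        if suffix == ENCRYPTED_SUFFIX:
            encrypted.append(p)
        elif suffix in NOTE_SUFFIXES and RANSOM_EMAIL in note_contents.get(p, "").lower():
            notes.append(p)
    return {"encrypted": encrypted, "notes": notes}

def shadow_wipe_hits(process_log_lines):
    """Return process-creation log lines whose command line deletes shadow copies."""
    return [ln for ln in process_log_lines if any(p.search(ln) for p in SHADOW_WIPE_PATTERNS)]

def assess(paths, note_contents, process_log_lines):
    """Verdict: locked files, a ransom note and a shadow-copy wipe all seen together."""
    result = triage_files(paths, note_contents)
    result["shadow_wipes"] = shadow_wipe_hits(process_log_lines)
    result["match"] = all(result[k] for k in ("encrypted", "notes", "shadow_wipes"))
    return result

# Constructed sample data (file names and log format are made up, not from the page).
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\report.docx.1BTC",
    r"C:\Users\alice\Documents\todo.txt",
    r"C:\Users\alice\Desktop\FILES ENCRYPTED.txt",
]
SAMPLE_NOTES = {
    r"C:\Users\alice\Documents\todo.txt": "buy milk",
    r"C:\Users\alice\Desktop\FILES ENCRYPTED.txt": "write to BTCdecoding@foxmail.com",
}
SAMPLE_LOG = [
    "10:01:03 CommandLine: C:\\Windows\\explorer.exe",
    '10:02:11 CommandLine: "C:\\Windows\\system32\\vssadmin.exe" delete shadows /all /quiet',
]
```

Calling `assess(SAMPLE_PATHS, SAMPLE_NOTES, SAMPLE_LOG)` reports one encrypted file, one note and one shadow-copy wipe, so `match` is True; with an empty log it stays False, which is the point of requiring all three signals before raising a verdict.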

Keeping Coinage Out of Criminal Coffers

Adequate protection from the 1BTC Ransomware's campaign involves both keeping infections from happening and acting to limit any damages that one incurs when these security steps fail. Because Shadow Volume Copy deletion appears so frequently in these attacks, malware experts advise against depending on them as a defense against file-locking Trojans. Users who keep their files backed up to non-local devices have a free restoration solution for any locked files.

More proactively, users can stop attacks from happening by avoiding easily-guessed passwords, turning off RDP, rejecting illicitly-distributed digital content, disabling Flash and JavaScript inside their browsers, and installing security patches. All of these countermeasures block most of the techniques that file-locker Trojans employ for compromising individual PCs or servers. Enterprise-level users should consider enacting additional protocols concerning e-mail phishing tactics, which may carry spyware or file-locking Trojans like the 1BTC Ransomware.

Nearly all anti-malware vendors include sufficient detection metrics against the Dharma Ransomware family. Users with anti-malware protection can delete the 1BTC Ransomware automatically, or uninstall the Trojan afterward, in a post-infection scenario.

Malware researchers rank the 1BTC Ransomware as having minor alterations for standing out from the crowd, but that's not necessarily positive. Its failure to alter its business model implies that victims are still suffering from extortion, which is, arguably, their fault in the first place.
