Bitcoinpay@india.com Ransomware
Posted: November 29, 2016
Threat Metric
The fields listed on the Threat Meter, each of which carries a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criterion for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 22 |
| First Seen: | November 29, 2016 |
| OS(es) Affected: | Windows |
The 'Bitcoinpay@india.com' Ransomware is a variant of the Crysis Ransomware, a Trojan family known for encoding your files and using the attack as an excuse for demanding a ransom payment. Besides placing even more importance than usual on the value of keeping backups, the 'Bitcoinpay@india.com' Ransomware also may be susceptible to third-party solutions described below. Regarding preemptive protection, your anti-malware programs should be able to interrupt the installation process and remove the 'Bitcoinpay@india.com' Ransomware.
Another Motive for Password Paranoia
Just as not every Trojan with a particular kind of payload behaves identically to similar threats, not every con artist chooses the same ways of installing their threats or circulating them among arbitrary targets. Although e-mail is the clearly favored infection method for most file-encrypting Trojans, malware analysts see increases in alternatives, including password-cracking attacks. For the latter, one needs to look no further than September's 'Bitcoinpay@india.com' Ransomware.
The 'Bitcoinpay@india.com' Ransomware's authors currently distribute their Trojan through manual installation procedures. They gain access to the victim's system by compromising the local user account via 'brute forcing,' a technique most effective against simple passwords (such as 'password' or 'admin'). Systems exposing RDP are especially at risk. With that access acquired, the Trojan scans for local or network-accessible content that it can modify with its AES-based cipher.
The enciphering process locks the users out of their files until they can run a decryption tool with an appropriate key. Currently, the 'Bitcoinpay@india.com' Ransomware's authors 'sell' their decryption services for the price of 4 Bitcoins, a ransom malware analysts find notably higher than most similar campaigns. Furthermore, because of the explicit use of cryptocurrency, victims have no recourse if the con artists accept the money and ignore their side of the transaction.
Catching a Trojan with Fingers on Your Files
Especially perceptive PC users may be able to identify the memory process that the 'Bitcoinpay@india.com' Ransomware spawns for encrypting your content, as well as the potential system performance issues arising as a result. Taking any steps necessary for terminating the 'Bitcoinpay@india.com' Ransomware and isolating it from other data has the potential of saving other files before the Trojan can encipher them. Otherwise, free decryption software (available from a variety of PC security organizations) remains the recovery possibility malware experts can most wholeheartedly recommend.
Most anti-malware products can detect various releases of the Crysis Ransomware, which includes the 'Bitcoinpay@india.com' Ransomware. After using them for removing the 'Bitcoinpay@india.com' Ransomware, you also should try to identify the likely installation route, such as e-mails or the previously-noted password issues. Change any compromised passwords immediately to complex ones that, ideally, you don't share with any other accounts.
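The brute-forcing route described above and the post-removal task of identifying it both come down to the same trace: a burst of failed RDP logons from one source, followed by a success. The following script is an added example, not code from the original page or from any vendor; it assumes a simplified key=value log format built here from constructed sample lines (the real Windows event IDs 4625/4624 and RemoteInteractive logon type 10 are used as the field values).

```python
# Added example (not from the original page): flag RDP brute-force bursts in
# Windows Security log records. Event ID 4625 (failed logon) with Logon Type 10
# (RemoteInteractive) is the trace a password-guessing attack on RDP leaves.
# The log lines below are constructed samples in a simplified key=value form,
# not real Windows or SpyHunter output; the format itself is an assumption.
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2016-11-29T03:12:01 EventID=4625 LogonType=10 Account=admin Source=203.0.113.7
2016-11-29T03:12:02 EventID=4625 LogonType=10 Account=administrator Source=203.0.113.7
2016-11-29T03:12:03 EventID=4625 LogonType=10 Account=admin Source=203.0.113.7
2016-11-29T03:12:04 EventID=4625 LogonType=10 Account=user Source=203.0.113.7
2016-11-29T03:12:05 EventID=4625 LogonType=10 Account=admin Source=203.0.113.7
2016-11-29T03:12:06 EventID=4625 LogonType=10 Account=admin Source=203.0.113.7
2016-11-29T03:12:09 EventID=4624 LogonType=10 Account=admin Source=203.0.113.7
2016-11-29T08:30:00 EventID=4625 LogonType=10 Account=alice Source=198.51.100.20
2016-11-29T09:45:00 EventID=4625 LogonType=2 Account=bob Source=-
"""

def parse_line(line):
    """Turn one sample line into a dict of its fields plus a parsed timestamp."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["time"] = datetime.fromisoformat(ts)
    return rec

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source: {"failures": n, "success_after": bool}} for every source
    with at least `threshold` failed RDP logons inside a sliding `window`.
    A successful RDP logon (4624) from a source that already tripped the
    threshold is the hand-off point to manual installation, so it is flagged."""
    recent = defaultdict(deque)  # per-source timestamps of recent failures
    hits = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec["LogonType"] != "10":
            continue  # only RemoteInteractive (RDP) logons matter here
        src = rec["Source"]
        if rec["EventID"] == "4625":
            q = recent[src]
            q.append(rec["time"])
            while q and rec["time"] - q[0] > window:
                q.popleft()  # drop failures that fell out of the window
            if len(q) >= threshold:
                info = hits.setdefault(src, {"failures": 0, "success_after": False})
                info["failures"] = max(info["failures"], len(q))
        elif rec["EventID"] == "4624" and src in hits:
            hits[src]["success_after"] = True
    return hits
```

Running `detect_rdp_bruteforce(SAMPLE_LOG)` on the constructed sample reports only 203.0.113.7, with six failures in the window and a success afterwards; the lone failure from 198.51.100.20 and the local (type 2) logon are ignored.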
While it may be tedious to randomize capitalization, include numerals, and exercise other good password practices, the cost of not doing so, as the 'Bitcoinpay@india.com' Ransomware shows, can be surprisingly expensive.