
BitPyLock Ransomware

Posted: January 10, 2020

The BitPyLock Ransomware is a file-locking Trojan family that can encrypt your PC's media so that the files can't open. Infections also include symptoms related to extorting money from the victims for an unlocker that may or may not work as advertised. Anti-malware solutions for deleting the BitPyLock Ransomware, and backups for data recovery, are the top-recommended defenses.

A Trojan Family Comes Out Punching

A competitor to far more well-established families like the Scarab Ransomware, the Globe Ransomware, and the Dharma Ransomware is getting its start in 2020. Attacks by the BitPyLock Ransomware and its variants may target individuals randomly but are more likely to harm vulnerable businesses and, possibly, unprotected government networks. The aim is, as usual, getting money – such as Bitcoins – by any means necessary.

The BitPyLock Ransomware is a Windows Trojan that uses what it claims is 'military-grade' encryption, although such boasts are frequent among both secure and laughably non-secure Trojan competitors. Malware researchers can't confirm the BitPyLock Ransomware's assertion of AES and RSA cryptography. Still, this combination is easy to use and efficient, which makes its use here likely. In either case, regardless of the encryption algorithms in use, the BitPyLock Ransomware blocks documents, pictures, and other media formats from opening.

The BitPyLock Ransomware also includes a 'bitpy' extension-adder for flagging what content it holds hostage, and an HTML ransom note. The message is in English, but possibly with auto-translator assistance, and includes details that routinely appear in other Trojans' campaigns. The bottom line involves paying an extremely costly 0.8 Bitcoins, or over six thousand dollars, for unlocking your files. Fortunately, according to the wallet's history, no victims are providing the profits for these attacks yet.

A Less Exorbitant Way of Sparing Your Files

Paying a criminal's price for a decryptor is a risk, but never more so than when thousands of dollars are the average cost for a victim. Families of Trojans designed for this level of profitability and widespread propagation are also, often, secure against public decryption research. As a rule, any individual or company should always invest appropriately in backups that aren't on a vulnerable device, so that recovery is as cheap and convenient as possible.

Malware researchers expect further attacks from variants of the BitPyLock Ransomware, due to the Trojan's apparent status as a rising Ransomware-as-a-Service threat. Business-compromising attacks may use publicly-known software exploits, brute-force past logins for admin accounts, or send disguised corrupted e-mail attachments. For the latter, especially, users should avoid triggering macros and other 'advanced' content without appropriate discretion.

Samples of the BitPyLock Ransomware are detectable by many, if not all, current threat databases. The traditional anti-malware solutions should remove the BitPyLock Ransomware automatically and keep any attacks from harming your media.

The BitPyLock Ransomware also has one last trick up its sleeve, besides blocking content and extortion – it collects data related to FileZilla profiles. This data-snatching attack might be a side scheme for monetization, or just another way of circulating Trojans, which means that software pirates will need to be on the lookout for more trouble from the BitPyLock Ransomware's kin.
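
Because FileZilla profile data is collected, any account saved in the client on an infected machine should be treated as exposed. The following is an added example, not part of the original article or of any vendor's tooling: it lists which saved accounts need a password rotation without decoding the stored secret. It assumes the `sitemanager.xml` layout used by the FileZilla client; the function names, hosts and users are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout the FileZilla client uses for
# sitemanager.xml (assumption: not taken from the article; all values made up).
SAMPLE_SITEMANAGER = """<FileZilla3>
  <Servers>
    <Server>
      <Host>ftp.example.com</Host><Port>21</Port>
      <User>deploy</User>
      <Pass encoding="base64">Y29uc3RydWN0ZWQ=</Pass>
      <Name>Production</Name>
    </Server>
    <Folder>
      <Server>
        <Host>files.example.org</Host><Port>22</Port>
        <User>backup</User>
        <Name>Prompts for password</Name>
      </Server>
    </Folder>
  </Servers>
</FileZilla3>
"""


def stored_profiles(xml_text):
    """Return one dict per saved server; never decodes or returns the secret."""
    root = ET.fromstring(xml_text)
    profiles = []
    for server in root.iter("Server"):  # iter() also reaches servers in folders
        secret = (server.findtext("Pass") or "").strip()
        profiles.append({
            "name": server.findtext("Name", default=""),
            "host": server.findtext("Host", default=""),
            "port": int(server.findtext("Port", default="0") or 0),
            "user": server.findtext("User", default=""),
            "password_stored": bool(secret),
        })
    return profiles


def rotation_list(xml_text):
    """Accounts whose saved password must be treated as exposed."""
    return sorted(f"{p['user']}@{p['host']}:{p['port']}"
                  for p in stored_profiles(xml_text) if p["password_stored"])


if __name__ == "__main__":
    for account in rotation_list(SAMPLE_SITEMANAGER):
        print("rotate:", account)
```

Profiles without a saved password still reveal hostnames and usernames, so they belong in the incident record even though they are absent from the rotation list.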
