Creators Of CoinVault Released BitCryptor Ransomware

Creators Of CoinVault Released BitCryptor Ransomware

The creators of the infamous ransomware "CoinVault" have released a replacement called BitCryptor with a new user interface as a result of  the public release of Kaspersky's CoinVault decryption tool. Apart from these slight changes, the method of infection and encryption routine of the threat remains the same.

This ransomware encrypts your files using AES 256 encryption and demands 1 bitcoin ($237 / €208) in order to decrypt your files. Unfortunately, the Kaspersky site for CoinVault keys will not work with this infection.

When BitCryptor is first started it will delete all shadow volume copies on the computer so that you are unable to restore your files from them. It will then set the Windows wallpaper to %Temp%\wallpaper.jpg and begin encrypting your files.

BitCryptor makes sure to skip folders such as program files, appdata, programdata, boot,windows, winnt, recycle.bin, downloads, all users, or temp while encrypting the files. And, it focuses on encrypting files that may contain sensitive and significant information (documents, media files, databases or archives)

While BitCryptor is running it will terminate any process that contains the following keywords:
shadow, cmd, processhacker, mbam, sh4, spyhunter, msconfig, taskmgr, roguekiller, rstrui, regedit, procexp
So, if you want to protect yourself against ransomware attacks, I recommend you to apply good security techniques.

Here is the list of articles that helps you to get maximum security:

No comments

Powered by Blogger.