1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

New BitCrypt ransomware variant distributed by bitcoin stealing malware

Discussion in 'Security Updates' started by starbuck, Mar 26, 2014.

  1. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Victims are asked to make bitcoin payments to recover encrypted files after their bitcoin wallets might have already been emptied

    A new variant of a malicious program called BitCrypt that encrypts files and asks victims for bitcoin payments is being distributed by a computer Trojan that first pilfers bitcoin wallets.

    BitCrypt is part of a growing category of malicious programs known collectively as ransomware that attempt to extort money from victims by locking their files or computers.

    One of the first variants of BitCrypt appeared in February and its development was likely inspired the success of a similar program called Cryptolocker that infected more than 250,000 computers in the last three months of 2013 alone.

    Like Cryptolocker, once installed on a system, BitCrypt encrypts a large range of files, from documents and pictures to archives, application development and database files. Victims stand to lose access not just to personal files, but also work projects, if they have no external backups.

    While the first variant of BitCrypt claimed to be using relatively strong RSA-1024 encryption, security researchers from Airbus Defence and Space found flaws in the implementation that allowed them to create a program to decrypt affected files.

    However, according to security researchers from antivirus vendor Trend Micro, an improved version of the malware appeared this month and is likely designed for wide distribution. The new version appends a .bitcrypt2 extension to encrypted files and can display its ransom note in 10 different languages: English, French, German, Russian, Italian, Spanish, Portuguese, Japanese, Chinese and Arabic.

    When this variant infects a computer it changes the desktop wallpaper to a picture that reads "Your computer was infected by BitCrypt v2.0 cryptovirus" and points the victim to a file called Bitcrypt.txt for additional instructions, the Trend Micro researchers said Monday in a blog post.

    The text file contains information on how to access a specific website hidden on the Tor anonymity network in order to obtain a special decryption program that's unique for every infection. The website asks users for their unique infection ID and a payment of 0.4 bitcoins -- around US$230 at current exchange rates -- in order to obtain the decryption tool.

    In a somewhat ironic twist, the Trend Micro researchers also found that the new BitCrypt variant is being distributed by a Trojan program called FAREIT that steals bitcoins, among other data.

    FAREIT searches and attempts to extract information from wallet.dat (Bitcoin), electrum.dat (Electrum) and .wallet (MultiBit) files, the researchers said. These files are created and used by different Bitcoin client applications.

    To avoid becoming a ransomware victim and being forced to pay to regain access to important files, it's essential to back up data regularly; preferably not on the same computer or a shared network drive, because the malware could affect those backups as well.


    Source:
    http://www.networkworld.com/news/20...ariant-distributed-280043.html?source=nww_rss
     
    starbuck, Mar 26, 2014
    #1

Share This Page