Videos

Check out our video library showing AppCheck defending against the newest ransomware, with automatic recovery and real-time backup.

BTCWare Ransomware (.[no.btc@protonmail.ch].cryptowin)

  • Distribution Method : Unknown
 
  • MD5 : d5ff3ff1c6688922bbe86efbf8334bac
 
  • Major Detection Name : Ransom.BTCWare (Malwarebytes), Ransom:Win32/Betisrypt.A (Microsoft)
 
  • Encrypted File Pattern : .[no.btc@protonmail.ch].cryptowin
 
  • Malicious File Creation Location :
         - C:\Users\%UserName%\AppData\Roaming\#_HOW_TO_FIX.inf
         - C:\Users\%UserName%\AppData\Roaming\mfskSkfkls.exe
         - C:\Users\%UserName%\Desktop\key.dat
 
  • Payment Instruction File : #_HOW_TO_FIX.inf
 
  • Major Characteristics :
         - Offline Encryption
         - Crptxxx Ransomware series
         - Changes desktop background (C:\Users\%UserName%\AppData\Roaming\1.bmp)
