
21btc Ransomware

Posted: December 21, 2020

The 21btc Ransomware is a file-locking Trojan from the Dharma Ransomware family, a Ransomware-as-a-Service hired out to other threat actors. It can block users' access to their files, mainly media such as documents, by encrypting them, remove local backups and deliver ransom demands through pop-ups. Users should withhold ransoms and use better recovery options when available after removing the 21btc Ransomware with a dedicated anti-malware product.

Potentially-Outrageous Ransoms from Copied Trojans

Extending its variant campaigns into the Christmas season, the Dharma Ransomware retains a tight hold over the Ransomware-as-a-Service sector of the dark Web's software black market. Although its ransom prices usually sit at a standard figure that most targets could be expected to pay, a newer version of the Trojan family suggests that the cost may be climbing. If the 21btc Ransomware lives up to its name, its threat actor anticipates payments of half a million dollars per attack.

Both in its symptoms and in its underlying attack, the 21btc Ransomware resembles the other versions of the Dharma Ransomware available to malware researchers. It uses a long-since-secured combination of AES and RSA encryption for blocking most of the user's non-system files, ranging from text documents to pictures, music or archives. It also appends a new extension after the existing ones in their names, along with a bracketed e-mail address; both of these refer to Bitcoins.
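The renaming scheme described above is useful for triage. As an added example (not code from the original post or from any vendor), the script below flags file names that carry a bracketed contact address followed by an appended extension, groups them by address and extension, and recovers the original name for an inventory; it does not decrypt anything. The sample names, the `contact@example.test` address, the `21btc` extension and the optional `.id-` segment are constructed assumptions, since the page quotes none of the actual strings.

```python
import re
from collections import Counter

# Assumed naming convention (not quoted verbatim on the page): the original name and
# extension are kept, then an optional victim id, a bracketed e-mail address and a
# new extension are appended, e.g. "report.docx.[contact@example.test].21btc".
LOCKED_NAME_RE = re.compile(
    r"^(?P<original>.+?)"                   # original file name, including its extension
    r"(?P<victim_id>\.id-[A-Za-z0-9-]+)?"   # optional id segment (assumed, not on the page)
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]"   # bracketed contact address
    r"\.(?P<ext>[A-Za-z0-9]+)$"             # appended extension
)

# Constructed sample listing: three renamed files and two untouched ones.
SAMPLE_NAMES = [
    "report.docx.[contact@example.test].21btc",
    "photo.jpg.id-ABCD1234.[contact@example.test].21btc",
    "backup.zip.[contact@example.test].21btc",
    "budget.xlsx",
    "notes.txt",
]

def parse_locked_name(name):
    """Return the fields of a renamed file as a dict, or None if the name does not match."""
    m = LOCKED_NAME_RE.match(name)
    return m.groupdict() if m else None

def triage_names(names):
    """Summarise a listing: matching files plus counts per contact address and extension.

    This is a naming heuristic for triage, so a legitimate file that happens to carry
    a bracketed address in its name would also be flagged; confirm before acting.
    """
    locked, by_email, by_ext = [], Counter(), Counter()
    for n in names:
        fields = parse_locked_name(n)
        if fields is None:
            continue
        locked.append(fields)
        by_email[fields["email"]] += 1
        by_ext[fields["ext"]] += 1
    return {"locked": locked, "by_email": by_email, "by_ext": by_ext, "total": len(names)}

if __name__ == "__main__":
    summary = triage_names(SAMPLE_NAMES)
    print(f"{len(summary['locked'])} of {summary['total']} names look locked")
    print("contact addresses:", dict(summary["by_email"]))
    print("appended extensions:", dict(summary["by_ext"]))
    for f in summary["locked"]:
        print(f"  {f['original']}  <-  {f['email']} / .{f['ext']}")
```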

The twenty-one Bitcoin reference is the 21btc Ransomware's most distinctive characteristic, in that it might not be cosmetic, unlike the names of variants such as the Cvc Ransomware, the Dr Ransomware, the Dme Ransomware or the World Ransomware. If it refers to the ransom for the threat actor's file-unlocking help, it converts to USD at a current rate of over four hundred thousand dollars, well above the average. However, even such extreme prices aren't unknown, as malware researchers sometimes see them in attacks against vulnerable enterprise-level corporate networks.

Bringing Trojans with High Expectations Down to Earth

Since the 21btc Ransomware's campaign may be targeting corporations, users should monitor the infection vectors most likely to be used against victims of that type. E-mail attachments are one possibility and may even include content tailored to the recipient, such as industry-specific news or crafted fake delivery bills. Updating software, scanning attachments before opening them and keeping macros disabled at all times are helpful defenses.

Users also should keep RDP features under strict lockdowns and never use passwords that are easy to guess, since threat actors may use automated tools for brute-forcing those credentials. Updating server infrastructure and other software to remove passive vulnerabilities can further harden an entity's defenses against would-be attacks.

For recovery, malware experts never recommend keeping backups locally. Non-local backups are safer from deletion or other harm, and the 21btc Ransomware's family includes a default Restore Point-removing function for Windows systems.

Whatever the Trojan's costs, most PC security products are likely to stop the 21btc Ransomware on sight and are the preferable solution for any disinfection needs.

Because Ransomware-as-a-Services update so regularly, many PC owners may be tempted to take them for granted as a minor problem. The 21btc Ransomware's very name reminds the world that threat actors aren't always predictable, except in the sense of being profit-motivated, inevitably at another's cost.
