
Bitcoin666 Ransomware

Posted: April 15, 2019

The Bitcoin666 Ransomware is a file-encrypting threat that applies an AES-based algorithm to block victims’ access to their files and requires 0.3 BTC ($1,500) to remove the infection. Each encrypted file gets a new file extension placed after its real one. The extension in question is ‘.bitcoin666@cock.li.word’, a derivative of the contact email address provided by the crooks behind the threat.

The Bitcoin666 Ransomware uses conventional infection methods to drop its malicious executable, reportedly designated bitcoin666.exe v.2.1.0.0, yet sports an interface that resembles a typical code environment. Upon successful completion of the AES encryption, the Bitcoin666 Ransomware triggers a black screen that says:

‘YOU HAVE BEEN HACKED !
Please write to bitcoin666@cock.li’

Although it is named ‘Recover Files.TXT’, the ransom note looks like a code page rather than a standard text file. Whether that is intentional or simply an error on the authors’ part may not be evident right away. A closer look at the note, however, reveals that there are certain mistakes in the code. For one, the victim’s ID number does not show up properly:
“PC id: “ + this.idnumber + “ “

According to the ransom note, the victim has 24 hours to submit a payment of 0.3 BTC ($1,500) to a Bitcoin address before that amount rises to 0.4 BTC ($2,056). The crooks promise to provide a decryption tool upon payment and offer free decryption of one file as a guarantee. The note proceeds with the standard instructions on how to purchase bitcoins and ends with two contact emails, namely:

  • bitcoin666@cock.li
  • ap0calypse@india.com

The Bitcoin666 Ransomware is a threatening piece of software whose presence still goes unnoticed by a worryingly large number of anti-malware solutions, if the data found about it is anything to go by. That is why maintaining regular backups is of paramount importance when surfing the Web.
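
Since anti-malware coverage may be poor, the file-naming indicators described above (the appended extension and the ransom note name) can be used to scope an infection before restoring from backups. The Python script below is an added example, not part of the original write-up or of any vendor tool; its function names and the sample directory tree are constructed for illustration. It inventories files carrying the extension, maps each to its original name, and locates copies of the ransom note.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the description above.
ENCRYPTED_SUFFIX = ".bitcoin666@cock.li.word"
RANSOM_NOTE_NAME = "recover files.txt"  # matched case-insensitively


def triage(root):
    """Return (encrypted, notes, per_dir) for the tree under root."""
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):  # unreadable dirs are skipped
        for name in files:
            lower, full = name.lower(), os.path.join(dirpath, name)
            if lower == RANSOM_NOTE_NAME:
                notes.append(full)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # The suffix follows the real extension, so stripping it gives
                # the file name to look for in backups.
                original = name[: -len(ENCRYPTED_SUFFIX)]
                encrypted.append((full, os.path.join(dirpath, original)))
                per_dir[dirpath] += 1  # per-directory count scopes the restore
    return sorted(encrypted), sorted(notes), per_dir


def build_sample_tree(root):
    """Constructed sample: empty files that only mimic the naming pattern."""
    for rel in (
        "docs/report.docx" + ENCRYPTED_SUFFIX,
        "docs/budget.xlsx" + ENCRYPTED_SUFFIX.upper(),
        "docs/Recover Files.TXT",
        "pics/untouched.jpg",
    ):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        enc, notes, per_dir = triage(tmp)
        for on_disk, original in enc:
            print(f"encrypted: {on_disk} -> restore as {original}")
        print("ransom notes:", notes)
        print("encrypted files per directory:", dict(per_dir))
```

To use it on a real system, call `triage()` on a mounted volume or a forensic copy rather than on the sample tree.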
