BitPaymer Ransomware
Posted: July 12, 2017
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 6 |
| First Seen: | July 12, 2017 |
|---|---|
| Last Seen: | December 27, 2018 |
| OS(es) Affected: | Windows |
The BitPaymer Ransomware is a Trojan that encrypts the files on your PC, making content such as pictures, archives, or documents unable to open. Although accompanying symptoms provide instructions for paying the Trojan's threat actors for a decryptor, victims always should try other restoration methods first, such as recovering through backups. Protective anti-malware programs can block most of this Trojan's possible vectors for distribution, or remove the BitPaymer Ransomware from your computer.
Trojans Welcoming You with Extortion and Blackmail
Even with the enormous variation in extant families of threats like Hidden Tear, con artists interested in digital hostage-taking attacks are finding good reasons to develop independent Trojans. Many of the best-designed of such threatening programs find their way to private businesses, who possess the greatest motivation to spend money in return for saving multiple servers' worth of data. While all these facts apply to the new the BitPaymer Ransomware campaign, its attacks also are expanding in an unusual direction: towards blackmail.
The installation process for the BitPaymer Ransomware generates several, temporary files with pseudo-random names but its main executable pretends to be a Microsoft program. When opened, it uses memory process-injecting exploits to hide from various security programs while it scans the PC for files that it can encrypt. Once it finishes using this encryption to lock media like documents or images, the BitPaymer Ransomware creates a text message to redirect the user to its TOR ransom payment page.
The ransom-paying process for the BitPaymer Ransomware is similar to that of other file-encrypting campaigns and uses Bitcoins to eliminate any risks to the threat actor who's receiving the money. Besides putting in a time limit for data recovery, the threat actors also claim to be willing to leak any information collected in the same attack, to provide more motive for paying. So far, malware experts have yet to see any similar threats of blackmail from competing campaigns utilizing non-consensual data encryption.
Paying the Right Price in Security to Avoid a Higher One for Your Files
The BitPaymer Ransomware's authors are targeting for-profit business entities using means not yet known by our malware experts. Many threats often gain initial system access to targets of this type via forged e-mail content or browser-based exploit kits. Otherwise, a remote attacker could install the BitPaymer Ransomware manually, such as by RDP, after misappropriating the system's login information. Since the BitPaymer Ransomware uses advanced code-obfuscation and injection techniques, malware experts estimate that it was designed explicitly for attacking the private business sector, not individual, recreational-use systems.
Although it's highly compressed, most a clear majority of anti-malware products still are capable of identifying the BitPaymer Ransomware as a threat. They also should detect and block some of the most common infection vectors, such as Web-browsing exploits, by which this Trojan could install itself with little or no consent. Businesses using Internet-connected systems also should be sure to monitor their passwords for weaknesses that would make them at risk for brute-forcing techniques. In all cases, since no public decryption solutions are available, removing the BitPaymer Ransomware with anti-malware protection before it can attack is the best way, other than having backups, of saving any local media.
The BitPaymer Ransomware offers much in the way of verifiable details about how threat actors select their targets and implement sophisticated, long-term campaigns for maximizing profits. It also gives more than a small idea of the different degrees of emotional manipulation that can accompany a Trojan infection, even if the only advantage to encouraging a fear response is for the attacker.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.