Bitshifter Ransomware
Posted: July 24, 2017
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 48 |
| First Seen: | July 24, 2017 |
| OS(es) Affected: | Windows |
The Bitshifter Ransomware is a Trojan that can lock your files by encrypting them, communicates with a remote server for harmful purposes, and may transfer information in the manner of spyware. Since its attacks are multifaceted but depend heavily on network connectivity, malware experts recommend that you disable Internet connections for infected PCs. A majority of anti-malware programs can delete the Bitshifter Ransomware as a threat to your PC before its attacks occur.
Trojans Being Shifty behind the Scenes
What a Trojan seems to be doing isn't always indicative of its full arsenal of attacks and, even more often, is just the tip of the iceberg concerning the harm it may cause to the user. While malware researchers often see file-enciphering Trojans such as the Bitshifter Ransomware building network features into their attacks, this specific threat uses an unusual protocol for its communications. The reason for this choice possibly lies in the Bitshifter Ransomware's non-ransom-based features, which its author may intend for collecting information.
On the ransoming half of its payload, the Bitshifter Ransomware conducts standard encryption attacks that corrupt the victim's local files, such as pictures, Office documents, or PDFs, according to a specified algorithm such as AES-128. You may also see filename changes with the attack, such as new extensions that the Bitshifter Ransomware adds after the former ones. Following the addition of new extensions, the Bitshifter Ransomware blocks your media and places a text note on the computer. This file contains the instructions for the victim to follow for paying (typically, in Bitcoins) to get access to a decryption solution that ostensibly unlocks the files.
However, malware researchers also found some less-than-typical details in the Bitshifter Ransomware's network communications. The Trojan uses the browser-specialized WebSocket protocol for its Command & Control server communications and automatically notifies the threat actor of any successful infections. Other details in these non-obfuscated server messages imply that the administrator may use the Bitshifter Ransomware for passing information from the infected system to the C&C server.
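Because WebSocket is normally a browser feature, an opening handshake made by some other process is a useful triage signal. The following is an added detection sketch, not code from the original page or from any vendor; it assumes telemetry that pairs a process image path with the HTTP request head (for example from an inspecting proxy), and the browser allowlist, file names and hostnames are constructed for illustration.

```python
import ntpath

# Assumption: image names accepted as ordinary browser WebSocket clients.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe", "opera.exe"}

def parse_request(raw):
    """Split a raw HTTP request head into (method, lower-cased header dict)."""
    lines = raw.strip().splitlines()
    method = lines[0].split(" ")[0]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, headers

def is_ws_handshake(method, headers):
    """RFC 6455 opening handshake: GET, Upgrade: websocket, Connection: Upgrade, key."""
    tokens = [t.strip().lower() for t in headers.get("connection", "").split(",")]
    return (method == "GET" and headers.get("upgrade", "").lower() == "websocket"
            and "upgrade" in tokens and "sec-websocket-key" in headers)

def triage(events):
    """Return (image, host, reasons) for handshakes that do not look browser-made."""
    findings = []
    for image, raw in events:
        method, headers = parse_request(raw)
        if not is_ws_handshake(method, headers):
            continue
        # Browsers must send Origin on this handshake; other clients often omit it.
        checks = [(ntpath.basename(image).lower() not in BROWSERS, "non-browser process"),
                  ("origin" not in headers, "no Origin header")]
        reasons = [why for hit, why in checks if hit]
        if reasons:
            findings.append((image, headers.get("host", "?"), reasons))
    return findings

# Constructed sample events (process image, request head); not taken from any capture.
SAMPLE = [
    (r"C:\Program Files\Mozilla Firefox\firefox.exe", "\r\n".join([
        "GET /chat HTTP/1.1", "Host: chat.example.com", "Upgrade: websocket",
        "Connection: keep-alive, Upgrade", "Origin: https://chat.example.com",
        "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==", "Sec-WebSocket-Version: 13"])),
    (r"C:\Users\alice\Downloads\game_patch.exe", "\r\n".join([
        "GET / HTTP/1.1", "Host: ws.example.net", "Upgrade: WebSocket",
        "Connection: Upgrade", "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==",
        "Sec-WebSocket-Version: 13"])),
    (r"C:\Windows\System32\svchost.exe", "\r\n".join([
        "GET /update HTTP/1.1", "Host: updates.example.org", "Connection: keep-alive"])),
]
```

Calling `triage(SAMPLE)` reports only the constructed `game_patch.exe` handshake; legitimate desktop applications that embed WebSocket clients will also match and need to be added to the allowlist.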
Gaming for Free Has Alternate Costs
The Bitshifter Ransomware's ransom instructions, while in English, include numerous grammatical errors and appear to be the byproduct of an automated translation service. Malware researchers are also connecting at least one of the Bitshifter Ransomware's infection vectors to a Russian resource: a fake optimization patch for the Witcher 3 video game. Fake downloads of this type are particularly commonplace on torrent networks and corrupted websites posing as legitimate download sources.
As with most threats of its kind, the Bitshifter Ransomware shows few symptoms for the victims to see until the encryption finishes blocking their files. Detection rates are rising rapidly, and malware researchers note that most anti-malware programs from reputable security companies should detect and remove the Bitshifter Ransomware, although it's circulating packaged inside a compressed archive. While PC users can try to restore their files through other ways, such as free decryption software, having a backup dating to before the infection is the best recovery method.
Victims of the Bitshifter Ransomware attacks should remember that the symptoms it shows can be intentionally incomplete or fraudulent. Even when the threat in question doesn't seem to be dedicated spyware, changing one's passwords after disinfecting a PC is always a precaution that's worth the trouble.