
btc@fros.cc Ransomware

Posted: October 3, 2018

The btc@fros.cc Ransomware is a file-locker Trojan from the Dharma Ransomware branch of the Crysis Ransomware family. Threat actors rent this Ransomware-as-a-Service software for blocking the digital media of their targets and delivering ransom notes for the decryption service. Withhold the ransom, if possible; have a trusted brand of anti-malware program uninstall the btc@fros.cc Ransomware and restore your work from your last, unencrypted backup.

Another Chapter in the Dharma Ransomware's Hunt for Bitcoins

The underground business project of Ransomware-as-a-Service remains lively for fall of 2018, with a September-dated campaign running a variant of the Crysis Ransomware underway. The file-locker Trojan of the hour, the btc@fros.cc Ransomware, uses some features that, at first, led to its incorrect identification as a new version of the Jigsaw Ransomware. However, the btc@fros.cc Ransomware doesn't use the timer or reboot-based file-deleting features of that family, while still representing a hazard through encryption and other data-hostage-taking symptoms.

Beyond the Trojan's use of packing, a relatively ineffectual way of hiding its identity from AV products, malware analysts can't verify the active infection or distribution methods of the btc@fros.cc Ransomware campaign. However, it is in the wild, having already achieved the successful encryption of at least one victim's media. PDF or Word documents, Excel spreadsheets, JPG, GIF, and BMP pictures, and compressed archives serve as examples of the files that the btc@fros.cc Ransomware is most likely to attack and lock.

The btc@fros.cc Ransomware employs a '.BTC' extension, a generic acronym for the Bitcoin cryptocurrency, when labeling the hostage files, which may account for a portion of its inaccurate detections by some AV databases. Besides this symptom, which malware researchers emphasize is not unique to it, the btc@fros.cc Ransomware also creates ransom notes that are typical of the Dharma Ransomware sub-family, including both Notepad TXT files and HTAs (HTML Applications, which are interactive Web pages). There's no specific price on the Bitcoin ransom for the file-unlocking service, but victims may use the 'free sample' decryption that the btc@fros.cc Ransomware's authors offer as proof that the decryption routine works.

Stopping the Rise of a RaaS's BTC Collection

The minimal update that the btc@fros.cc Ransomware represents in contrast to other, recent versions of the Dharma Ransomware (such as the bkp@cock.li Ransomware or the Cmb Dharma Ransomware), or even old releases like the 'amagnus@india.com' Ransomware and the 'wisperado@india.com' Ransomware, shows that threat actors don't need to modify their tactics for sabotaging data. The wiping of the local Shadow Volume Copies by the btc@fros.cc Ransomware guarantees that users depending on Windows' default restoration features will not have any way of restoring their files. However, paying the ransom doesn't always return a decryption service to the victim.
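Two of the symptoms described above (shadow-copy wiping and a burst of files renamed to the '.BTC' extension) are observable in endpoint telemetry. The following is an added example, not code from this write-up or from the Trojan itself: it runs simple detection logic over a constructed, Sysmon-style event list. The write-up does not state which command the btc@fros.cc Ransomware uses to wipe Shadow Volume Copies, so the command patterns below are assumptions based on tooling ransomware families commonly use.

```python
import re

# Assumed shadow-copy wipe commands; the write-up does not name the exact one used.
SHADOW_WIPE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"Win32_ShadowCopy.*\.Delete\(\)", re.I),
]
HOSTAGE_EXT = ".btc"      # extension the write-up reports on locked files
RENAME_BURST = 5          # renames to the hostage extension that trigger an alert
WINDOW_SECONDS = 60       # sliding window for the burst count

# Constructed sample telemetry (process-creation and file-rename records), not real logs.
SAMPLE_EVENTS = [
    {"ts": 100, "type": "process", "cmdline": "explorer.exe"},
    {"ts": 101, "type": "process", "cmdline": "vssadmin delete shadows /all /quiet"},
    {"ts": 102, "type": "rename", "path": r"C:\Users\a\Documents\report.docx.BTC"},
    {"ts": 103, "type": "rename", "path": r"C:\Users\a\Documents\budget.xlsx.BTC"},
    {"ts": 104, "type": "rename", "path": r"C:\Users\a\Documents\notes.txt"},
    {"ts": 105, "type": "rename", "path": r"C:\Users\a\Pictures\photo.jpg.BTC"},
    {"ts": 106, "type": "rename", "path": r"C:\Users\a\Documents\scan.pdf.BTC"},
    {"ts": 107, "type": "rename", "path": r"C:\Users\a\Downloads\archive.zip.BTC"},
    {"ts": 108, "type": "rename", "path": r"C:\Users\a\Pictures\logo.bmp.BTC"},
]


def detect(events):
    """Return (timestamp, message) alerts for shadow-copy wiping and rename bursts."""
    alerts = []
    recent = []          # timestamps of recent renames into the hostage extension
    burst_open = False   # alert once per burst rather than on every further rename
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "process":
            if any(p.search(ev["cmdline"]) for p in SHADOW_WIPE_PATTERNS):
                alerts.append((ev["ts"], f"shadow copy wipe attempt: {ev['cmdline']}"))
        elif ev["type"] == "rename" and ev["path"].lower().endswith(HOSTAGE_EXT):
            recent = [t for t in recent if ev["ts"] - t <= WINDOW_SECONDS] + [ev["ts"]]
            if len(recent) >= RENAME_BURST and not burst_open:
                burst_open = True
                alerts.append((ev["ts"], f"{len(recent)} files renamed to "
                                         f"{HOSTAGE_EXT} within {WINDOW_SECONDS}s"))
            elif len(recent) < RENAME_BURST:
                burst_open = False
    return alerts


if __name__ == "__main__":
    for ts, msg in detect(SAMPLE_EVENTS):
        print(ts, msg)
```

On the sample events this raises two alerts: one for the shadow-copy deletion at timestamp 101 and one when the fifth '.BTC' rename lands at timestamp 107.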

Backing up your work to secure devices will help with protecting media from all file-locking Trojans, including the most recent versions, like the btc@fros.cc Ransomware. Since spam e-mails are a defining infection vector for Trojans with these types of payloads, malware researchers also recommend avoiding downloading e-mail attachments without scanning them for possible threats. At the latest detection rates, a majority of anti-malware products can protect your PC by deleting the btc@fros.cc Ransomware either in its packed or unpacked form.

While they may change their names, tags or addresses, the criminals have good reasons for using cryptocurrency as a favorite ransom method. Instead of letting Bitcoin become a tool for hackers, users should maintain dutiful file-storing strategies and refrain from clicking things that are more likely than not to carry the btc@fros.cc Ransomware, or another update of the wide-ranging Crysis Ransomware project.
