
Btos Ransomware

Posted: January 31, 2020

The Btos Ransomware is a file-locker Trojan from the STOP Ransomware family. Besides blocking access to documents and similar media files, it may delete backups, drop ransom notes, and display a fake Windows update window to cover its activity. Users can remove the Btos Ransomware with reputable anti-malware tools, reduce their exposure by closing off the infection vectors it uses, and rely on non-local backups as the most dependable recovery method.

The Ongoing Update Tactic in a Trojan Family Business

The STOP Ransomware is a Ransomware-as-a-Service family and one of the most prolific sources of file-encryption attacks, holding victims' files hostage for cash. While malware analysts emphasize controls that stop infections before they happen, some STOP Ransomware campaigns also show warning symptoms during the attack. The Btos Ransomware is a recent example of what to watch for, following the encryption campaigns of relatives ranging from the Hets Ransomware and the Peet Ransomware to the Blower Ransomware and the Promock Ransomware.

Most of the Btos Ransomware's installers circulate as 'TMP' (temporary) files and, as usual for the family, target Windows systems. The Btos Ransomware adds one stealth feature for that environment: a fake Windows update window that claims the OS is updating itself. The distraction discourages users from interrupting the Trojan or questioning the performance drop caused by its encryption routine, which locks local media files. At the same time, the Btos Ransomware deletes the Windows Restore Point backups, removing the most convenient local recovery option.

While blocking data is central to the Btos Ransomware's business model of selling an unlocker, a minority of victims can recover their work by other means. Users without proper backups can contact an experienced cyber-security researcher or test Shadow Volume Copy-based recovery tools, as appropriate. More importantly, they should treat the infection as a wider compromise: the Btos Ransomware may drop spyware, so logins and credentials should be monitored for misuse, and its changes to the Windows Hosts file can block access to websites (including security vendors' sites) until the added entries are removed.
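As an added example, not code from the original article or from the malware's authors, the following Python script implements two host-side checks that the behaviours above call for: it flags process launches that wipe restore points or Volume Shadow Copies, and it audits a Windows Hosts file for entries that sinkhole watched websites. The log-record format, the sample log lines and Hosts contents, and the `example-av-vendor.test` domain are all constructed for the example; the command-line patterns are generic ransomware behaviours, not indicators taken from the Btos Ransomware, whose exact deletion command the article does not give.

```python
"""Added example, not code from the original article or from the malware itself:
two host-side checks for the behaviours described above, a process launch that
wipes restore points / Volume Shadow Copies, and a Hosts file edited to sinkhole
web sites. Log lines, Hosts contents and the watched domain are constructed."""
import re
from dataclasses import dataclass

# Generic command lines used to destroy local recovery points. The article says
# the Trojan deletes restore points but not how, so these are general
# ransomware patterns, not Btos-specific indicators.
SHADOW_WIPE_PATTERNS = [
    re.compile(r"vssadmin\b.*\bdelete\s+shadows", re.I),
    re.compile(r"wmic\b.*\bshadowcopy\s+delete", re.I),
    re.compile(r"bcdedit\b.*\brecoveryenabled\s+no\b", re.I),
    re.compile(r"wbadmin\b.*\bdelete\s+catalog", re.I),
]


@dataclass
class Alert:
    source: str   # "process" or "hosts"
    detail: str


def scan_process_log(lines):
    """Flag process-creation records whose command line matches a shadow-wipe
    pattern. Record format (constructed): 'timestamp|parent_image|command_line'."""
    alerts = []
    for line in lines:
        fields = line.split("|", 2)
        if len(fields) != 3:
            continue  # malformed record: skip it instead of aborting the scan
        ts, parent, cmdline = fields
        if any(p.search(cmdline) for p in SHADOW_WIPE_PATTERNS):
            alerts.append(Alert("process", f"{ts} parent={parent} cmd={cmdline.strip()}"))
    return alerts


SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::1"}


def audit_hosts(hosts_text, watched_domains):
    """Return Hosts entries that point a watched domain (or a subdomain of it)
    at a sinkhole address; the normal 'localhost' entries are ignored."""
    findings = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        if ip not in SINKHOLE_IPS:
            continue
        for name in names:
            n = name.lower()
            if n in ("localhost", "localhost.localdomain"):
                continue
            if any(n == d or n.endswith("." + d) for d in watched_domains):
                findings.append(Alert("hosts", f"{n} -> {ip}"))
    return findings


# --- constructed sample input (not real telemetry) ---------------------------
SAMPLE_PROCESS_LOG = [
    '2020-01-31T10:02:11|C:\\Users\\user\\AppData\\Local\\Temp\\setup.tmp|"C:\\Windows\\System32\\vssadmin.exe" Delete Shadows /All /Quiet',
    '2020-01-31T10:02:12|C:\\Windows\\explorer.exe|"C:\\Windows\\System32\\notepad.exe" notes.txt',
    '2020-01-31T10:02:13|C:\\Users\\user\\AppData\\Local\\Temp\\setup.tmp|cmd.exe /c bcdedit /set {default} recoveryenabled No',
]

SAMPLE_HOSTS = """# Hosts file (constructed sample)
127.0.0.1 localhost
::1 localhost
0.0.0.0 www.example-av-vendor.test
0.0.0.0 updates.example-av-vendor.test   # line added by the infection
203.0.113.10 intranet.example.test
"""

WATCHED_DOMAINS = {"example-av-vendor.test"}   # hypothetical security-vendor domain

if __name__ == "__main__":
    for a in scan_process_log(SAMPLE_PROCESS_LOG) + audit_hosts(SAMPLE_HOSTS, WATCHED_DOMAINS):
        print(f"[{a.source}] {a.detail}")
```

Run as-is, the script reports the two shadow-wipe launches from the temporary-file parent and the two sinkholed vendor hostnames. In practice, feed `scan_process_log` the command lines from Sysmon Event ID 1 or Windows Security Event ID 4688 (with command-line auditing enabled), and feed `audit_hosts` the contents of `C:\Windows\System32\drivers\etc\hosts` together with your own list of vendor and update domains.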

Blocking a Media Blocker before It Gets Out of Hand

Because the AES and RSA encryption used by the Btos Ransomware's family is, as a rule, implemented securely, victims have no practical way to break it and are tempted to pay the ransom as a matter of course. Users should back up their work before an infection occurs and avoid the routes by which the Btos Ransomware may compromise their computers. Common hazards that malware analysts find in these campaigns include:

  • Malvertising (malicious Web advertisements) and misleading website pop-ups.
  • Browser-based threats that exploit vulnerabilities, such as the Fallout Exploit Kit.
  • Torrents and other unsafe download sources.
  • E-mail attachments, such as documents and spreadsheets carrying embedded exploits.

Administrators should also keep track of software patches, password hygiene, and remote desktop features that could put their servers at risk.

The Btos Ransomware is slightly better than most of its relatives at evading current AV detection heuristics. Users should keep their anti-malware programs updated to improve their odds of removing the Btos Ransomware before it starts locking files.

Just as con artists deceive their victims with a little foreknowledge, the Btos Ransomware turns the infected OS into part of its facade. Users who can tell a genuine update from a mock-up may save their files, and hundreds to thousands of dollars in ransom.
