BitPaymer Ransomware

What is BitPaymer Ransomware?

If you own a business, then you should be concerned with your company’s computers because they can become infected with BitPaymer Ransomware, a ransomware-type application that targets computers of businesses specifically to extract large sums of money. This program is set to encrypt many files that include documents that and other files that may be of vital importance to you. Its developers want you to pay an outrageous 50 BTC ransom which translates to an approximate 135,000 USD. Its creators mean business and this program’s encryption has not been cracked yet, so you cannot decrypt your files for free. An anti-malware program is a must for a business computer because they are often targeted by cyber criminals who know that they will be able to extract a lot of money from it.

Where does BitPaymer Ransomware come from?

Our cyber security experts have taken a look at this program and have uncovered some interesting things about it. Apparently, its developers exploit Remote Desktop Protocol (RDP) which is a protocol developed by Microsoft that allows the user to connect to remote computers and control them. The criminals employ brute force attacks on computers and once the password has been cracked, drop the ransomware. Apart from this distribution method, the developers make use of malicious emails to infect computers as well. They send spam emails to random people and hope that they will open the attached file that is set to drop BitPaymer Ransomware on your PC. This ransomware is dropped in %LOCALAPPDATA%\{random 3-7 letters}\{randomname.exe} and %UserProfile%\Local Settings\Application Data\{random 3-7 letters}\{randomname.exe}. If you download this ransomware via email, then there should also be a file in the Downloads folder.

What does BitPaymer Ransomware do?

If the infection is successful, then this ransomware will spring into action and begin encrypting your files. It may spread to other computers if they are linked via a server. It should generate unique encryption and decryption keys. However, the decryption key is most likely sent to a remote server and stored until you pay the ransom. The encryption algorithm used in this ransomware is unknown, but one thing is for sure — it is strong and has not been cracked yet.

Once it finishes encrypting your files, it will drop a ransom note named “readme_txt.” Note that there will be a separate note for each encrypted file. Also, it is worth mentioning that BitPaymer Ransomware appends the encrypted files with a custom “.locked” extension. As mentioned in the introduction, this ransomware demands that you pay a whopping 50 BTC (135,000 USD) ransom. To receive the decryption key, you are ordered to follow a link provided in the note. It requires you to install the Tor browser and follow the instructions provided in another link. However, the link is valid for 72 hours only after which you will be unable to decrypt your company’s files. The deadline is set to compel you to pay the ransom at once. However, we want to want you that the cyber crooks might not keep their end of the deal and send you the decryption tool and key after paying this large sum of money.

How do I remove BitPaymer Ransomware?

You have to assess the risk and consider the possibility that you may not get the decryption tool and key. 135,000 USD is a lot of money that may not be worth your files. However, the choice is up to you. If you want to remove this malware, then we recommend using an anti-malware program called SpyHunter. However, if you want to delete it manually, then follow the guide provided below.

Manual Removal Guide

  1. Press Window+E keys.
  2. In the address box of File Explorer, type the following file paths and hit Enter.
    • %USERPROFILE\Downloads
    • %USERPROFILE\Desktop
    • %TEMP%
  3. Locate the malicious file, right-click it and click Delete.
  4. Then, go to %LOCALAPPDATA%\{random 3-7 letters}
  5. Locate and delete the malicious executable.
  6. Lastly, go to %UserProfile%\Local Settings\Application Data\{random 3-7 letters}
  7. Locate and delete the malicious executable.
  8. Empty the Recycle Bin. 100% FREE spyware scan and
    tested removal of BitPaymer Ransomware*

Leave a Comment

Enter the numbers in the box to the right *