Bhtw Ransomware

Cybersecurity researchers have recently uncovered a new ransomware threat, the Bhtw Ransomware. Like other ransomware strains, Bhtw encrypts files on the victim's computer once it infiltrates the system. This malicious software alters the original filenames by appending the '.bhtw' extension to them. For instance, a file named '1.pdf' would be transformed into '1.pdf.bhtw', while '2.doc' would be renamed as '2.doc.bhtw', and so forth. Alongside file encryption, Bhtw generates a ransom note in the form of a text file titled '_readme.txt' on the compromised device.

The Bhtw Ransomware belongs to the STOP/Djvu ransomware family. As a result, additional malware threats may have been installed on the breached devices: operators behind the STOP/Djvu variants have been observed deploying information stealers such as RedLine and Vidar on infected systems as well.

The Bhtw Ransomware Locks A Wide Range Of Files And Demands Ransom Payment

The ransom note found in the attack contains crucial information regarding communication with the attackers and their demands for a ransom payment. Victims are instructed to contact the attackers through designated email addresses: 'support@freshmail.top' or 'datarestorehelp@airmail.cc'. According to the note, victims who write to these addresses receive further instructions on how to obtain the decryption software and key needed to recover their encrypted data.

The ransom amount specified in the note varies, ranging from $490 to $980. The exact ransom fee depends on whether victims initiate contact with the attackers within a specified initial period of 72 hours or after that timeframe has elapsed. Additionally, the note mentions the possibility of decrypting one file at no cost, provided it is deemed to lack valuable or sensitive information.

However, it is crucial to note that paying a ransom to threat actors is strongly discouraged. There is no guarantee that the attackers will fulfill their promises and provide the necessary decryption tools, even after receiving the payment. It is a risk that victims should carefully consider before proceeding. Furthermore, it is important to understand that many ransomware threats have the capability to spread and encrypt data on other machines connected to the same local network. Therefore, it is highly advisable to take immediate action to remove the ransomware from affected operating systems in order to prevent further encryption of valuable data and to mitigate potential damage.
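A triage sketch built on the indicators described above (the appended '.bhtw' extension, the '_readme.txt' note and the two contact addresses), added here as an example and not taken from the original article or any vendor tool. It walks a directory tree and reports which folders are affected, which helps scope an incident before cleanup and restore; the function names and the constructed sample tree are assumptions for illustration.

```python
import os
import tempfile

# Indicators taken from the article: appended extension, note name, contact addresses.
ENCRYPTED_EXT = ".bhtw"
NOTE_NAME = "_readme.txt"
NOTE_MARKERS = ("support@freshmail.top", "datarestorehelp@airmail.cc")


def triage(root):
    """Walk root and summarise Bhtw indicators per affected directory."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        entry = {"encrypted": [], "note": False, "note_matches": []}
        for name in sorted(files):
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # The extension is appended, so stripping it yields the original name.
                entry["encrypted"].append(name[: -len(ENCRYPTED_EXT)])
            elif lower == NOTE_NAME:
                entry["note"] = True
                try:
                    with open(os.path.join(dirpath, name), encoding="utf-8", errors="replace") as fh:
                        text = fh.read(65536).lower()  # notes are small; cap the read
                except OSError:
                    text = ""  # an unreadable note still counts as present
                entry["note_matches"] = [m for m in NOTE_MARKERS if m in text]
        if entry["encrypted"] or entry["note"]:
            report[os.path.relpath(dirpath, root)] = entry
    return report


def build_sample_tree():
    # Constructed sample data: one affected folder and one clean folder.
    root = tempfile.mkdtemp(prefix="bhtw_triage_")
    for sub in ("docs", "clean"):
        os.makedirs(os.path.join(root, sub))
    for name in ("1.pdf.bhtw", "2.doc.bhtw", "report.txt"):
        open(os.path.join(root, "docs", name), "wb").close()
    with open(os.path.join(root, "docs", NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("To get this software you need write on our e-mail:\nsupport@freshmail.top\n")
    open(os.path.join(root, "clean", "notes.txt"), "wb").close()
    return root


if __name__ == "__main__":
    for directory, entry in triage(build_sample_tree()).items():
        print(directory, entry)
```

A '_readme.txt' that matches neither contact address is still reported with an empty `note_matches` list, since other STOP/Djvu variants use the same note name with different addresses.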

Protecting Your Data from Ransomware Threats and Malware is Essential

To effectively protect their devices and data from ransomware threats, users can adopt a comprehensive approach that encompasses several key practices.

Regular Software Updates: Ensuring that all software, operating systems, and applications are regularly updated with the latest security patches and fixes helps address vulnerabilities that ransomware can exploit.

Vigilant Browsing Habits: Users should exercise caution when browsing the internet and avoid visiting suspicious websites, clicking on unfamiliar links, or downloading files from untrusted sources. Adopting safe browsing practices minimizes the risk of inadvertently downloading ransomware.

Robust Password Management: Users should create strong, unique passwords for all their accounts and consider implementing two-factor authentication (2FA) whenever possible. This strengthens account security and reduces the likelihood of unauthorized access.

Data Backup: Regularly backing up important data to external storage devices or secure cloud platforms is critical. In the event of a ransomware attack, having up-to-date backups ensures the ability to restore data without succumbing to ransom demands.

Reliable Security Software: Installing reputable antivirus or anti-malware software on devices provides an additional layer of protection against ransomware. Regularly updating and running security scans helps detect and mitigate potential threats.

Prompt Response: In the unfortunate event of a ransomware attack, it is crucial to respond promptly. Isolating infected devices from the network and seeking professional assistance can help contain the spread of the ransomware and minimize damage.

By adopting these comprehensive measures, users can significantly lower the risk of falling victim to ransomware attacks and safeguard their devices and data from potential harm.

The ransom note generated by Bhtw Ransomware is:

'ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-vKvLYNOV9o
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:'
