BTCamant Ransomware
Threat Scorecard
Metric | Value
---|---
Threat Level | 80% (High)
Infected Computers | 11
First Seen | January 4, 2017
Last Seen | August 27, 2020
OS(es) Affected | Windows
The BTCamant Ransomware is an encryption Trojan first observed in the first week of January 2017 (the scorecard above records January 4, 2017 as the first-seen date). An executable belonging to the BTCamant Ransomware was submitted to the VirusTotal platform, which allowed security researchers to look into its development. At the time of writing, the BTCamant Ransomware is still in development and features only a rudimentary control interface driven from the Windows command prompt. The version submitted to VirusTotal is a batch file that is launched with a command via CMD.exe. Some researchers suspect that the encryption engine of the BTCamant Ransomware is implemented as a compact batch script and that the sample was uploaded to VirusTotal so that its author could check whether anti-virus software detects it.
Released Versions of the BTCamant Ransomware
The initial release carries the icon of the Google Chrome browser, which suggests that the distribution campaign for the BTCamant Ransomware may rely on fake updates for commonly used Internet clients such as Google Chrome, Mozilla Firefox, Opera and Internet Explorer. The BTCamant Ransomware can just as easily be repacked and arrive as a JavaScript file inside an archive. The practice is not new; ransomware such as Alcatraz and Hackerman has been delivered disguised as archives. The sample of the BTCamant Ransomware was submitted to the Korean version of VirusTotal, and researchers suspect that the Trojan may be tailored to systems in Korea and the wider Asian region. Threats such as the EnkripsiPC Ransomware, the Trochilus RAT, the Korean Ransomware and the Mahasaraswati Ransomware made headlines on local and global news outlets in 2016.
Is the BTCamant Ransomware a Credible Threat?
The BTCamant Ransomware is equipped with a custom AES-128 cipher implementation and encrypts every file outside the Windows system folders. Because nothing restricts it to workstations, it can also run on Windows servers and cause severe damage to online shopping platforms, forums and other high-traffic sites hosted there. Encrypted files receive the '.BTC' suffix appended after the original extension; for example, 'Limestone-Mediterranean_sea.db' becomes 'Limestone-Mediterranean_sea.db.BTC'. The '.BTC' suffix is probably a reference to the Bitcoin digital currency, which is favored among crypto-threat operators. The ransom request is dropped in two forms, 'BTC_DECRYPT_FILES.txt' and 'BTC_DECRYPT_FILES.html'. The 'support staff' behind the BTCamant Ransomware may offer a decryptor for a payment of 0.5 BTC to 2 BTC, depending on the volume of data encrypted. The message inside 'BTC_DECRYPT_FILES.txt' reads as follows (note that both contact addresses use the look-alike domain 'protonmai1.com', spelled with the digit 1 rather than the letter l, exactly as shown):
'Hello!
For getting back Your PC data You need to contact with us through email as soon as possible: sepas@protonmai1.com , sepast@protonmai1.com'
What the Managers of the BTCamant Ransomware are After
Cybersecurity consultants do not recommend paying the ransom, because the operators of campaigns built on encryption Trojans rarely bother to deliver a working decryptor. The business model of ransomware operators is to release waves of spam emails carrying threats like the BTCamant Ransomware, wait for users to get infected, and then offer a 'solution'. A payment made in Bitcoin cannot be refunded, and although the transaction is visible on the public ledger, the wallet address is not readily linked to the person who controls it. The best response is to restore files from backups taken before the attack and to use a trustworthy anti-malware tool to remove the BTCamant Ransomware Trojan. AV vendors are known to tag executables related to the BTCamant Ransomware as:
- FileCryptor.NKU
- Gen:Variant.Strictor.119198
- Ransom.Cerber
- Ransom:Win32/Genasom!rfn
- Ransom_Genasom.R011C0DLN16
- TR/Crypt.Xpack.hfvft
- Trojan/Win32.Yakes
File System Details
The following files have been associated with the BTCamant Ransomware. The Detections column gives the number of confirmed and suspected cases reported by SpyHunter.
# | File Name | MD5 | Detections
---|---|---|---
1 | ASUSWebStorageSyncAgent2.3.0.595.exe.bin | 7e6a7e83bf84d081f4fd8a2c0cb1e32f | 3
2 | app.exe | d864d3bf4371dc43bdb5b8c7e24ebd4b | 3
3 | Asus Webstorage Upate.exe | 03909af5cf762d31545f622f4f12dc5a | 2
Two of the three file names imitate the ASUS WebStorage sync client and its updater (note the misspelling 'Upate'), which is consistent with the fake-update lure discussed above.
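As an added example (this is not code from the original page or from EnigmaSoft), the following Python script turns the indicators given on this page into an offline triage check: it walks a directory tree looking for the '.BTC' suffix and the two ransom-note file names described under 'Is the BTCamant Ransomware a Credible Threat?', hashes executables and compares them against the three MD5s in the File System Details table, and recovers the original file name from an encrypted one. The sample directory it builds is constructed for the demonstration and contains no malware; the paths and file contents inside it, and the choice to hash only .exe and .bin files, are assumptions.

```python
"""Offline triage for the BTCamant indicators listed on this page.

Added example, not EnigmaSoft's code. The sample tree built by
build_sample_tree() is constructed for the demo and holds no malware.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# MD5s from the File System Details table on this page.
BTCAMANT_MD5S = {
    "7e6a7e83bf84d081f4fd8a2c0cb1e32f",  # ASUSWebStorageSyncAgent2.3.0.595.exe.bin
    "d864d3bf4371dc43bdb5b8c7e24ebd4b",  # app.exe
    "03909af5cf762d31545f622f4f12dc5a",  # Asus Webstorage Upate.exe
}
# Ransom-note names and the suffix appended to encrypted files, as described on the page.
RANSOM_NOTES = {"BTC_DECRYPT_FILES.txt", "BTC_DECRYPT_FILES.html"}
ENCRYPTED_SUFFIX = ".BTC"
# Assumption: only these executable types are hashed during a sweep (the table lists .exe and .bin).
HASHED_EXTENSIONS = (".exe", ".bin")


def md5_of(path):
    """Stream the file in chunks so large binaries need not fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(64 * 1024), b""):
            digest.update(chunk)
    return digest.hexdigest()


def original_name(encrypted_name):
    """'Limestone-Mediterranean_sea.db.BTC' -> 'Limestone-Mediterranean_sea.db'.

    The suffix is appended after the original extension, so stripping it
    restores the original name; names without the suffix are returned unchanged.
    """
    if encrypted_name.endswith(ENCRYPTED_SUFFIX):
        return encrypted_name[: -len(ENCRYPTED_SUFFIX)]
    return encrypted_name


def scan_tree(root, known_md5s=BTCAMANT_MD5S):
    """Walk `root` and collect the indicator types described on the page.

    Returns a dict with:
      encrypted  - paths ending in the '.BTC' suffix (case-sensitive, as the page shows it)
      notes      - paths whose file name is one of the ransom notes
      hashed     - {path: md5} for every executable examined, kept for later lookups
      hash_hits  - paths whose MD5 is in `known_md5s`
    """
    findings = {"encrypted": [], "notes": [], "hashed": {}, "hash_hits": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.endswith(ENCRYPTED_SUFFIX):
                findings["encrypted"].append(path)
            elif name in RANSOM_NOTES:
                findings["notes"].append(path)
            elif name.lower().endswith(HASHED_EXTENSIONS):
                digest = md5_of(path)
                findings["hashed"][path] = digest
                if digest in known_md5s:
                    findings["hash_hits"].append(path)
    return findings


def build_sample_tree():
    """Constructed demo data: one encrypted file, one ransom note, one clean
    document and a harmless stand-in named after the table's third row."""
    root = tempfile.mkdtemp(prefix="btcamant_demo_")
    docs = Path(root, "Users", "alice", "Documents")
    docs.mkdir(parents=True)
    (docs / "Limestone-Mediterranean_sea.db.BTC").write_bytes(b"\x00" * 64)
    (docs / "BTC_DECRYPT_FILES.txt").write_text("Hello!\n")
    (docs / "notes.txt").write_text("unaffected\n")
    downloads = Path(root, "Downloads")
    downloads.mkdir()
    # Same name as the table's third row but demo content, so its MD5 will not match.
    (downloads / "Asus Webstorage Upate.exe").write_bytes(b"MZ demo stand-in, not malware")
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    result = scan_tree(demo_root)
    for kind in ("encrypted", "notes", "hash_hits"):
        for hit in result[kind]:
            print(f"{kind:10s} {hit}")
    for enc in result["encrypted"]:
        print("restore as:", original_name(os.path.basename(enc)))
```

Run it against a suspect volume by passing the mount point to scan_tree() instead of the demo root. The name-based checks are cheap and fire on any affected machine, whereas the hash check only catches the three specific builds listed above; a repacked sample (for example, the archive delivery discussed earlier) would have a different MD5, which is why the script also records the hash of every executable it examined so the list can be re-queried when new indicators appear.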