
'5btc@protonmail.com' Ransomware

By GoldSparrow in Ransomware

The '5btc@protonmail.com' Ransomware is an encryption ransomware Trojan designed to take victims' files hostage and then demand a ransom payment. To do so, the '5btc@protonmail.com' Ransomware encrypts the files using AES encryption, which makes them inaccessible. The '5btc@protonmail.com' Ransomware is a variant of the GusLocker Ransomware, released on October 24, 2018. The '5btc@protonmail.com' Ransomware was released a few weeks after its predecessor. The '5btc@protonmail.com' Ransomware, like most encryption ransomware Trojans, is distributed using corrupted spam email attachments.

How the '5btc@protonmail.com' Ransomware Infects a Computer

There is not much to differentiate the '5btc@protonmail.com' Ransomware from the many other encryption ransomware Trojans currently being used to compromise victims' files. The '5btc@protonmail.com' Ransomware is virtually identical to its predecessor, GusLocker, with updates to its code and encryption routines; its basic attack, however, is identical. The '5btc@protonmail.com' Ransomware uses AES encryption to compromise the victim's data, targeting user-generated files such as those with the file extensions listed below:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The '5btc@protonmail.com' Ransomware marks the compromised data with the file extension '.bip,' added to the end of the file's name. The '5btc@protonmail.com' Ransomware will then deliver a ransom note in the form of an HTML file named 'ALL YOUR FILES LOCKED!.html.' The following is the text of the '5btc@protonmail.com' Ransomware ransom note:

'ALL YOUR FILES LOCKED!
YOUR PID:[random characters]
YOUR PERSONAL EMAIL: 5BTC@PROTONMAIL.COM
WHAT NOW?
Email us
Write your ID at title of mail and country at body of mail and wait answer.
You have to pay some bitcoins to unlock your files!
DON'T TRY DECRYPT YOUR FILES!
If you try to unlock your files. you may lose access to them!
REMEMBER!
No one can guarantee you a 100% unlock except us!
How to buy bitcoin'

Dealing with a '5btc@protonmail.com' Ransomware Infection

The '5btc@protonmail.com' Ransomware provides the victims with various instructions in its ransom note. However, instead of complying with the criminals' demands, computer users should make sure that they have the means to restore any files that become compromised by the '5btc@protonmail.com' Ransomware Trojan attack. Unfortunately, when threats like the '5btc@protonmail.com' Ransomware attack computer files, the files may not be recoverable without the required decryption key. Therefore, the best protection against threats like the '5btc@protonmail.com' Ransomware is to have backup copies of all files and store these backups in the cloud or on another safe device. Having backups ensures that computer users can respond to a '5btc@protonmail.com' Ransomware infection by restoring the compromised data from the backup copy instead of complying with the criminals' demands. Apart from file backups, PC security researchers strongly advise the use of a security program that is always fully up-to-date.
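To scope a restore from backup, the two on-disk indicators described above (the '.bip' extension and the 'ALL YOUR FILES LOCKED!.html' note) can be inventoried per directory. The following Python script is an added example, not code from the original page; the function names and the constructed sample tree are assumptions, and a '.bip' file with no inner extension is treated as possibly unrelated.

```python
import os
import tempfile
from collections import defaultdict

MARKER_EXT = ".bip"                         # extension the page says is appended
NOTE_NAME = "ALL YOUR FILES LOCKED!.html"   # ransom note file name from the page


def triage(root):
    """Walk root and return (notes, restore_map, unmatched).

    notes:       paths of ransom notes found
    restore_map: {directory: [original file names to restore from backup]}
    unmatched:   '.bip' files with no inner extension (possibly unrelated)
    """
    notes, restore_map, unmatched = [], defaultdict(list), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME.lower():
                notes.append(full)
            elif name.lower().endswith(MARKER_EXT):
                # The marker is appended to the full name, so an encrypted
                # 'report.docx' appears on disk as 'report.docx.bip'.
                original = name[: -len(MARKER_EXT)]
                if os.path.splitext(original)[1]:
                    restore_map[dirpath].append(original)
                else:
                    unmatched.append(full)
    return notes, dict(restore_map), unmatched


def demo():
    """Build a constructed sample tree (empty files) and triage it."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        for name in ("report.docx.bip", "photo.jpg.bip", "notes.txt",
                     "archive.bip", NOTE_NAME):
            open(os.path.join(docs, name), "w").close()
        notes, restore_map, unmatched = triage(root)
        return (len(notes), sorted(restore_map[docs]),
                [os.path.basename(p) for p in unmatched])


if __name__ == "__main__":
    print(demo())
```

The per-directory list of original names can be compared against a backup catalogue before any restore is started.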
