Threat Database Ransomware BitPyLock Ransomware

BitPyLock Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: January 19, 2011
Last Seen: March 6, 2020
OS(es) Affected: Windows

BitPyLock Ransomware Image

Cybercriminals worldwide have acquired quite a taste for ransomware threats since they are often perceived as an easy way to generate revenue and a rather safe method of tricking innocent users because there are rarely any negative repercussions for perpetrators. The BitPyLock Ransomware is one of the latest data-locking Trojans spotted circulating the Web. So far, it would appear that the BitPyLock Ransomware is targeting businesses mainly and not regular users. However, this does not mean that the attackers will not change their approach and opt to attack regular users in the future.

This Week in Malware Ep7: Bitpylock Ransomware Phishing Campaigns

Propagation and Encryption

The BitPyLock Ransomware is likely being propagated via bogus emails. Cybercriminals often mask spam emails as important messages from the government or a large corporation. Such fake emails tend to contain a fraudulent message and a corrupted attachment. If the targets execute the corrupted attached file, their systems will be infiltrated by the BitPyLock Ransomware. Upon compromising a target, the BitPyLock Ransomware will scan the data present on the victim's system. Next, the BitPyLock Ransomware will trigger its encryption process and lock all the targeted data. Rest assured that all commonly used file types will be locked by this threat swiftly – documents, presentations, databases, archives, spreadsheets, images, audio files, etc. All the encrypted files will have a new extension added to their filenames - '.bitpy.' For example, a file that was named 'silver-line.mp3' initially will be renamed to 'silver-line.mp3.bitpy' as soon as the BitPyLock Ransomware has completed its encryption process.

The Ransom Note

The BitPyLock Ransomware will drop its ransom note on the user' desktop named '# HELP_TO_DECRYPT_YOUR_FILES #.html.' The criminals explain to the users that their data has been encrypted securely, and if they want to recover their files, they will have to cooperate. Oftentimes, authors of ransomware claim that victims who attempt to unlock their files with a free decryption tool will instead end up damaging them. The attackers demand the payment be in Bitcoin as using a cryptocurrency instead of conventional payment methods helps cyber crooks protect their identity and avoid punishment for their crimes. The ransom fee in the case of the BitPyLock Ransomware is 0.8 Bitcoin (about $6,300 when this article was written). As means of communication, the creators of the BitPyLock Ransomware have provided an email address - ‘' To prove to victims that they are capable of reversing the damage, the attackers are willing to decrypt one file free of charge. In an attempt to put extra pressure on the victim, the attackers claim that unless the payment is processed within 72 hours, they will wipe out the decryption key the victim to recover their data.

We advise you against paying cyber crooks, no matter what they promise to provide you with in return. Most victims of ransomware who pay the fee demanded are left empty-handed because as soon as the attackers receive the payment, they lose interest in cooperating with the user. You should consider investing in a genuine anti-virus software suite that will not only remove the BitPyLock Ransomware from your computer but also will make sure you do not get infected again.


Most Viewed