
Bitshifter Ransomware

By GoldSparrow in Ransomware

The Bitshifter Ransomware is an encryption ransomware Trojan that is used by con artists to extort computer users. Like other encryption ransomware Trojans, the Bitshifter Ransomware encrypts its victims' files in order to demand a ransom payment from them. Because ransomware Trojans like the Bitshifter Ransomware use strong encryption algorithms to encrypt victims' files, it is necessary for computer users to take preventive measures; once the victim's files have been encrypted, it may no longer be possible to recover the affected files.

The Bitshifter Ransomware Doesn’t Belong to a Known Ransomware Family

Ransomware Trojans like the Bitshifter Ransomware encrypt user-generated files while leaving the victim's operating system functional. This way, the victim can use the infected computer to make the ransom payment, which is to be paid in Bitcoin to a specific Bitcoin wallet associated with the con artists. The Bitshifter Ransomware seems to have been created by independent con artists and is not a variant of an open-source ransomware Trojan platform like EDA2 or HiddenTear. The Bitshifter Ransomware also does not seem to be part of a larger RaaS (Ransomware as a Service). The Bitshifter Ransomware is delivered using a typical method, which involves sending corrupted Microsoft Word documents to victims. These corrupted documents include bad scripts that download and install the Bitshifter Ransomware onto the victim's computer when the victim opens the document. To ensure that the victim opens the document, it is included as an attachment to a spam email message that uses social engineering to trick the computer user into believing that the file attachment is an invoice or another important document.

The Communication Method Used by the Bitshifter Ransomware Is Not Common

There is little to differentiate the Bitshifter Ransomware from the numerous other encryption ransomware Trojans currently active, except for a slight tweak to the way the Bitshifter Ransomware communicates with its Command and Control servers. The Bitshifter Ransomware uses a WebSocket connection for this communication, which is not seen in many other ransomware Trojans. This allows the Bitshifter Ransomware to relay information in real time to the people responsible for the attack, making the encryption process much faster than in comparable ransomware Trojans. Apart from encrypting the victims' files, PC security analysts have noted that the Bitshifter Ransomware has some spy Trojan capabilities, which allow it to collect information from the victim's computer by scanning the victim's Web browser and Windows for security certificates, passwords, usernames, and other sensitive data. On infected computers, the Bitshifter Ransomware runs as the executable file 'launcher.exe' and carries out an attack that is typical of these infections, using AES encryption to make the victim's files inaccessible and then demanding payment of a ransom.

Dealing with the Bitshifter Ransomware’s Ransom Demands

After encrypting the victim's files, the Bitshifter Ransomware demands a ransom payment. To do this, the Bitshifter Ransomware drops a text file on the infected computer's desktop. This file, named 'ARE_YOU_WANNA_GET_YOUR_FILES_BACK.txt', includes instructions on how to pay the ransom and buy Bitcoins. The ransom associated with the Bitshifter Ransomware can vary greatly, from as low as $260 USD to as high as $1400 USD. However, regardless of the amount, PC security researchers strongly advise computer users to refrain from paying the Bitshifter Ransomware ransom. It is not common for con artists to keep their promise to restore the affected files after the victim has completed the money transfer. Furthermore, they may ask for more money or target that particular victim for future attacks. Another important thing to remember when considering payment is that paying these ransoms allows these people to develop and release more threats like the Bitshifter Ransomware. Because of this, it is instead recommended that computer users take preventive measures to protect their data. The best protection against threats like the Bitshifter Ransomware is to have file backups on an external memory device. Having these allows computer users to recover their files on their own, without having to rely on the people providing the decryption key.
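The two on-disk indicators named above (the desktop ransom note and the 'launcher.exe' file name) can be checked across user profiles during triage. The script below is an added example, not part of the original article; the function names, the `<users_root>/<user>/Desktop` layout and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators named in the article text.
RANSOM_NOTE = "ARE_YOU_WANNA_GET_YOUR_FILES_BACK.txt"
EXECUTABLE = "launcher.exe"


def scan_profiles(users_root):
    """Return (confidence, indicator, path) tuples found under users_root.

    Assumed layout (not from the article): <users_root>/<user>/Desktop
    """
    findings = []
    root = Path(users_root)
    if not root.is_dir():
        return findings
    for profile in sorted(p for p in root.iterdir() if p.is_dir()):
        # High confidence: the note's name is distinctive and it is
        # dropped on the desktop.
        desktop = profile / "Desktop"
        if desktop.is_dir():
            for entry in sorted(desktop.iterdir()):
                if entry.is_file() and entry.name.lower() == RANSOM_NOTE.lower():
                    findings.append(("high", "ransom_note", str(entry)))
        # Low confidence: many legitimate programs ship a launcher.exe,
        # so a hit is only a lead for hashing and manual review.
        for dirpath, _dirs, files in os.walk(profile):
            for name in sorted(files):
                if name.lower() == EXECUTABLE:
                    findings.append(("low", "launcher_exe", str(Path(dirpath) / name)))
    return findings


def build_sample_tree(base):
    """Constructed sample data: one affected profile and one clean one."""
    samples = ["alice/Desktop/" + RANSOM_NOTE, "alice/AppData/Local/Temp/launcher.exe",
               "bob/Desktop/notes.txt", "bob/Games/Launcher.exe"]
    for rel in samples:
        path = Path(base, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for confidence, indicator, path in scan_profiles(tmp):
            print(f"{confidence:4} {indicator:12} {path}")
```

On a live host or a mounted disk image, pass the profiles directory (for example `C:\Users`) to `scan_profiles`; the constructed sample shows that a legitimate `Launcher.exe` is also reported, which is why that indicator is graded low.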
