BitStak Ransomware
The BitStak Ransomware is a ransomware encryption Trojan that is used to make money by taking the victims' files hostage and then demanding the payment of a ransom. The BitStak Ransomware encrypts the victim's files, changing the files' names to random letters of up to eleven characters and adding the extension '.BITSTACK' to each encrypted file. After encrypting the victim's files, the BitStak Ransomware displays a lock screen with instructions on how to pay the ransom. Computer users should avoid paying the BitStak Ransomware ransom, especially because there is a decryptor available for the BitStak Ransomware and its variants.
How can you Acquire the BitStak Ransomware Infection?
The BitStak Ransomware may be distributed using typical threat distribution methods, such as corrupted email attachments, fake downloads found on peer-to-peer file-sharing networks, or through the use of other types of threats. Once the BitStak Ransomware has entered a computer, the BitStak Ransomware encrypts and renames the victim's files. The BitStak Ransomware will target specific file paths and file types. The following are the directories that the BitStak Ransomware targets in its attack:
C:/Program Files/
C:/Program Files (x86)/
C:/Users/ + UserName + /AppData/Roaming/
C:/Users/ + UserName + /Documents/
C:/Users/ + UserName + /Downloads/
C:/Users/ + UserName + /Videos/
C:/Users/ + UserName + /Music/
C:/Users/ + UserName + /Pictures/
C:/Users/ + UserName + /Desktop/
D:/
E:/
F:/
G:/
I:/
J:/
K:/
This allows the BitStak Ransomware to avoid critical system files that would prevent Windows from running while at the same time making items unavailable to the victim. Take note that the BitStak Ransomware will target all drives connected to the infected computer, making it necessary to have backups on an off-site location. The following are the file types that the BitStak Ransomware targets in its attack:
.txt, .doc, .exe, .dat, .bat, .vb, .zip, .7z, .rar, .jar, .mp3, .wav, .save, .mp4, .cfg, .flv, .php, .com, .db, .bin, .reg.
The BitStak Ransomware is written in a poorly worded English, making it apparent that the BitStak Ransomware was developed in a non-English-speaking country (most probably Russia). According to the BitStak Ransomware's ransom note, the ransom payment is 40 Euro in BitCoins. This is a substantially smaller amount than is usually demanded by these infections, which tend to ask for hundreds or even thousands of Euros. This move towards small transactions (which may encourage victims to pay more readily) has been observed in recent months. Th full text of the BitStak Ransomware's ransom note is displayed below:
'Your all files are locked and encrypted with a strong encryption method. You cannot get your files back without paying. We expect you to make payment in 3 days or your files will be permanently deleted.
BitStak
Your all files are locked. To release your files you need to pay a 40 (euro) fee using Bitcoins as a payment method. If you have any external hard-drives plugged, remember to plug them before restoring or you won;t be able to restore them later.'
Protecting Your Computer from the BitStak Ransomware and Homologous Infections
The best protection against threats like the BitStak Ransomware is to have a backup of all files on an external memory device that is not connected to your computer. If computer users can restore their files from a backup, then these attacks, which take the victim's files hostage, will become completely ineffective. You should use common sense and strong security software to prevent threats like the BitStak Ransomware from entering a computer and wreaking havoc in the first place. A reliable anti-malware program that is fully up-to-date, a good anti-spam filter and good security precautions will help intercept the BitStak Ransomware and similar threats. PC security analysts also advise computer users to avoid common risky locations that are associated with threats such as the BitStak Ransomware, file sharing networks or websites with poorly monitored advertising content.
