btc@fros.cc Ransomware

By GoldSparrow in Ransomware

PC security researchers first observed the btc@fros.cc Ransomware, an encryption ransomware Trojan, on October 2, 2018. The btc@fros.cc Ransomware is based on both the Dharma Ransomware and the Crysis Ransomware, two malware families that have seen numerous releases in the last few years, and it is a hybrid of both variants. The btc@fros.cc Ransomware is mainly delivered via spam email messages, which often use corrupted file attachments with embedded macro scripts to download and install the btc@fros.cc Ransomware onto the victim's computer.

What are the Consequences of a btc@fros.cc Ransomware Attack?

The btc@fros.cc Ransomware targets user-generated files in its attack, which may include a wide variety of images, media files and other document types. Its main targets are the file types listed below:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar

The btc@fros.cc Ransomware renames these files by adding the file extension '.btc' to each file's name and including a contact email address as part of the renamed file's name. It delivers its ransom note as an HTA file named 'Info.hta' and a text file named 'FILES ENCRYPTED.txt'. The text of each file is reproduced below.

'FILES ENCRYPTED.txt' is opened in Notepad and features the following text:

'all your data has been locked us
You want to return?
write email btc@fros.cc'

'Info.hta' is displayed as a generic program window and includes the following notification:

'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail mkgoro@india.com
Writer this ID in the title of your message: [random characters]
In case of no answer in 24 hours write us to these emails: btc@fros.cc
You will have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment, we will send you the decryption tool that will decrypt all your files.'
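
The indicators described above (the appended '.btc' extension with an email address in the file name, and the two ransom note file names) can be checked for during triage. The following Python sketch is an added example, not code from the original article; the function names and the sample file names are constructed for illustration, and the exact layout of the renamed file name is an assumption, so the check only looks for any email-like token before '.btc'.

```python
import os
import re
import tempfile

# Indicators taken from the description above.
NOTE_NAMES = {"info.hta", "files encrypted.txt"}
APPENDED_EXT = ".btc"
# Any e-mail-like token; the exact layout of the renamed name is not given
# above, so the check does not assume one.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def classify(filename):
    """Return 'note', 'renamed' or None for a single file name."""
    lower = filename.lower()
    if lower in NOTE_NAMES:
        return "note"
    # Strip the appended extension so '.btc' is never read as a mail domain.
    stem = filename[:-len(APPENDED_EXT)]
    if lower.endswith(APPENDED_EXT) and EMAIL_RE.search(stem):
        return "renamed"
    return None

def scan(root):
    """Walk root; return {directory: {'note': [...], 'renamed': [...]}} for hits."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name)
            if kind:
                entry = hits.setdefault(dirpath, {"note": [], "renamed": []})
                entry[kind].append(name)
    return hits

def demo():
    """Build a constructed sample tree and scan it (file names are made up)."""
    names = ("report.docx.[btc@fros.cc].btc",  # constructed renamed file
             "FILES ENCRYPTED.txt",            # note name from the article
             "wallet-notes.btc",               # .btc but no address: ignored
             "budget.xlsx")                    # untouched file
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        for name in names:
            open(os.path.join(docs, name), "w").close()
        return {os.path.relpath(d, root): v for d, v in scan(root).items()}

if __name__ == "__main__":
    print(demo())
```

Directories that contain both a ransom note and renamed files are the strongest signal; a lone '.btc' file without an address in its name is not flagged.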

Protecting Your Data from Threats Like the btc@fros.cc Ransomware

The best protection against threats like the btc@fros.cc Ransomware is to have file backups. Apart from file backups, PC security researchers strongly advise computer users to have a reputable security program that is capable of intercepting threats like the btc@fros.cc Ransomware. Unfortunately, once the btc@fros.cc Ransomware has encrypted the targeted files, they will not be recoverable without the decryption key.

1 Comment

All my data is encrypted.
Now what do I do?
