
Btos Ransomware

The STOP Ransomware is one of the Internet’s most prolific ransomware families. In 2019 alone, cybercriminals developed over 200 copies of this nasty Trojan. With the coming of 2020, several new variants of the STOP Ransomware have been uncovered. Among the newest ones is the Btos Ransomware.

Propagation and Encryption

The creators of the Btos Ransomware have made sure this threat is capable of affecting a long list of filetypes. As soon as the Btos Ransomware sneaks into a system, documents, images, archives, videos, audio files, databases, and other files will be locked with the help of a secure encryption algorithm.

Spam email campaigns are undoubtedly among the most popular infection vectors. Usually, the targeted user will be sent an email from what seems to be a legitimate company or a government institution. The email consists of a fake message written with the help of various social engineering techniques and a macro-laced attachment whose purpose is to infect the user’s system. Bogus application updates and downloads, pirated media and software, and malvertising campaigns are among other commonly utilized distribution methods.

All the files locked by the Btos Ransomware will get an additional extension at the end of their filename. This ransomware threat appends a ‘.btos’ extension. For example, a file called ‘bright-light.mp4’ will be renamed to ‘bright-light.mp4.btos’ after the encryption process has been completed.

The Ransom Note

Just like most data-locking Trojans, the Btos Ransomware will drop a ransom note on the victim’s system. The file that contains the attackers’ message is named ‘_readme.txt’. In the note, the authors of the Btos Ransomware state that they have locked the user’s data and that they require payment in exchange for a decryption key that will help the victim recover their files. For users who contact the attackers within 72 hours of the attack taking place, the ransom fee is $490. However, victims who do not meet the deadline will have to pay double the fee: $980. To prove to the user that they have a fully functioning decryption tool, the creators of the Btos Ransomware offer to unlock one file for free. To process the payment, the victim has to get in touch with the attackers via email. Two email addresses have been provided for this purpose: ‘helpmanager@firemail.cc’ and ‘helpmanager@iran.ir’.
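The ‘.btos’ extension and the ‘_readme.txt’ note described above can be used to scope an infection during triage. The following read-only scanner is an added example, not a tool from this page or its publisher; the sample directory tree and the note text inside it are constructed for the demonstration.

```python
import os
import tempfile

# Indicators taken from this page.
EXTENSION = ".btos"
NOTE_NAME = "_readme.txt"
CONTACTS = ("helpmanager@firemail.cc", "helpmanager@iran.ir")

def note_has_contact(path, limit=64 * 1024):
    """True if the note mentions one of the contact addresses on this page."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(limit).lower()
    except OSError:
        return False  # unreadable file: leave it unconfirmed
    return any(addr in text for addr in CONTACTS)

def scan_tree(root):
    """Walk root (read-only) and collect Btos indicators."""
    report = {"encrypted": [], "notes": [], "confirmed_notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(EXTENSION) and len(name) > len(EXTENSION):
                # The original name is the filename minus the appended suffix.
                report["encrypted"].append((path, name[:-len(EXTENSION)]))
            elif lower == NOTE_NAME:
                report["notes"].append(path)
                if note_has_contact(path):
                    report["confirmed_notes"].append(path)
    return report

def build_sample(root):
    """Constructed sample tree; file contents are placeholders."""
    os.makedirs(os.path.join(root, "videos"))
    for rel, body in [
        ("videos/bright-light.mp4.btos", "x"),
        ("videos/_readme.txt", "contact helpmanager@firemail.cc"),
        ("_readme.txt", "project notes"),  # benign file with the same name
        ("report.docx", "x"),
    ]:
        with open(os.path.join(root, *rel.split("/")), "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = scan_tree(tmp)
        print("encrypted:", [orig for _p, orig in result["encrypted"]])
        print("confirmed notes:", len(result["confirmed_notes"]), "of", len(result["notes"]))
```

A file named ‘_readme.txt’ is only counted as confirmed when it also contains one of the two contact addresses, which keeps unrelated readme files out of the result.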

Malware experts warn users against trusting cyber crooks like the individuals who have developed the Btos Ransomware. Cybercriminals are not famous for their honesty, and their promises are not to be trusted. Even if you pay the ransom fee, it is not likely that you will receive the decryption tool you need. This is why, instead, you should look into obtaining a genuine anti-malware tool that will remove this threat from your computer and keep you safe in the future.
