Cryptbit 2.0 Ransomware
A new malware tracked as CryptBIT 2. Ransomware has a destructive potential that can leave victims scrambling to find ways to recover their data. The CryptBIT 2. Ransomware is a variant of the CryptBIT Ransomware threat. Indeed, the threat can impact a wide range of file types and render them completely unusable via an encryption process. All impacted files will have '.cryptbit' appended to their names as a new file extension.
Victims of the threat will be left with two different ransom notes. The shorter message will be displayed in an image that the threat places as a desktop background. The proper ransom-demanding message will be dropped inside a text file named 'CryptBIT2.0-restore-files.txt.' The desktop instructions simply tell victims to locate and read the note in the text file. According to the main note, the cybercriminals are running a double-extortion scheme, as they also collect encrypted files. They demand to be paid a ransom, with the money being transferred to the provided crypto-wallet address. Only payments made using Bitcoins will be accepted.
The threat's ransom note warns victims that they have 7 days to contact the threat actors. After that time, the hackers threaten to delete the decryption keys needed for the restoration of the victim's files. The collected data also will supposedly be released to the public.
The full text of CryptBIT 2.0's Ransomware ransom note is:
'Hello!
Now your files are crypted with the strongest millitary algorithms RSA4096 and AES-256.
In addition, all encrypted files have been sent to our server
and in the event of non-payment within 7 days,they will be made public.Warning!
Do not rename encrypted files.
Do not try to decrypt your data using third party software.
You can only do damage to your files, lose your money and time.In order to confirm that we are not scammers, you can send 2-3 files to the email address below.
Files should be less than 5 MB and contain no valuable data (Databases, backups, large excel sheets, etc.).
Please don't forget to write the name of your company in the subject of your e-mail.
You will receive decrypted samples.To recover all files you must contact us for a private quote by the contact email.
You have to pay for decryption in Bitcoins.P.S. Remember, we are not scammers.
We don't need your data or information but after 7 days all files and keys will be deleted automatically.
Write to us immediately after infection
All your files will be restored. We guarantee.Contact email:
cryptbit2.0@protonmail.comBTC wallet:
17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHVHave a nice day
CryptBIT 2.0 ransomware group'
The instructions shown as a desktop background are:
'CRYPTBIT 2.0
ALL YOUR IMPORTANT FILES ARE STOLEN AND ENCRYPTED!All your files are stolen and encrypted for more information see CRYPTBIT2.0-RESTORE-FILES that is located in every encrypted folder.'
