BitPyLock ransomware has focused on targeting businesses over individuals via phishing campaigns
Cybercriminals lean on ransomware as it is seen as an easy way to generate revenue. As this threat continues to exist, BitPyLock ransomware has emerged as one of the latest data-locking Trojans circulating through the Web. So far, it appears that BitPyLock ransomware is targeting businesses mainly and not individuals. However, this does not mean that the attackers will not change their approach and opt to attack people like me and you in the future.
Propagation and Encryption
BitPyLock ransomware is spreading via phishing emails. Cybercriminals often mask these spam emails as important messages from the government or a large corporation. The fake emails generally contain a fraudulent message, and of course, a corrupted attachment.
If the victim executes the corrupted attached file, their computer will be infected with BitPyLock ransomware. Upon infecting the victim’s computer, BitPyLock ransomware will scan the data present on the victim’s system.
Next, BitPyLock ransomware will trigger its encryption process and lock all the targeted data. All commonly used file types will be locked by this threat swiftly – documents, presentations, databases, archives, spreadsheets, images, audio files, etc.
All the encrypted files will have a new extension added to their file names – ‘.bitpy.’ For example, a file that was named ‘silver-line.mp3’ initially will be renamed to ‘silver-line.mp3.bitpy’ as soon as the BitPyLock ransomware has completed its encryption process.
The Ransom Note
BitPyLock ransomware will drop its ransom note on the users desktop in a file named ‘# HELP_TO_DECRYPT_YOUR_FILES #.html.’ The cybercriminals explain to the user that their data has been encrypted securely, and if they want to recover their files, they will have to cooperate.
Oftentimes, authors of ransomware claim that victims who attempt to unlock their files with a free decryption tool will instead end up damaging them. The attackers demand the payment be in Bitcoin as using a cryptocurrency instead of conventional payment methods helps cybercriminals protect their identity and avoid punishment for their crimes.
The ransom fee in the case of BitPyLock ransomware is 0.8 Bitcoin as of spring of 2020. As means of communication, the creators of the BitPyLock ransomware have provided an email address – ‘helpbitpy@cock.li.’
To prove to victims that they are capable of reversing the damage, the attackers are willing to decrypt one file free of charge. In an attempt to put extra pressure on the victim, the attackers claim that unless the payment is processed within 72 hours, they will wipe out the decryption key the victim needs to recover their data.
As with all ransomware threats, we strongly advise against you paying these cybercriminals, no matter what they promise you. Most victims of ransomware who pay the fee demanded are left empty-handed because as soon as the cybercriminals receive the payment, they lose interest in cooperating with the user.
In order to prevent this highly inconvenient outcome, you should consider backing up your files as well as investing in a genuine anti-malware program that will not only remove the BitPyLock ransomware from your computer, but decrease the likelihood that you will get infected in the future.
