Remove BitCoinrush Ransomware and Restore “id” Encrypted Files

A ransomware variant belonging to the notorious ID family has been detected in the wild by security experts. The virus is associated with the e-mail address bitcoinrush@aol.com: it uses the address as part of the file extension and as the only means of communicating with victims, since BitCoinrush does not drop any ransom note or instructions whatsoever, leaving contact through that e-mail address as the victim's only option. No matter how bad the situation may be, it is strongly advised not to pay any ransom money to the cyber-criminals behind the BitCoinrush ransomware virus, since researchers are working on a free decrypter for this family of ransomware viruses. Instead of paying, we strongly advise you to read this article, learn more about BitCoinrush Ransomware, remove it and try to restore the “id” encoded files.

Threat Summary

Name: BitCoinrush
Type: Ransomware
Short Description: The BitCoinrush ransomware uses a strong cipher to encrypt files and separates each of them into two parts.
Symptoms: BitCoinrush locks all of the files with a custom file extension which contains the e-mail bitcoinrush@aol.com and the unique ID of the victim. Encrypted files can no longer be accessed.
Distribution Method: Spam e-mails, e-mail attachments, suspicious sites

How Does BitCoinrush Ransom Virus Replicate

In order to infect victim PCs, this virus may choose amongst several different tools.

The cyber-criminals behind BitCoinrush tend to spend a lot of money to conceal themselves and to purchase malware of the highest quality. This is where the term RaaS (Ransomware-as-a-Service) comes in: it means that this virus may be sold on the deep web for prices ranging from hundreds to thousands of dollars.

The malware is then modified, and its payload is obfuscated via the above-mentioned tools. The most common method of spreading it is via spam e-mails which imitate a product, service or person the user may be familiar with, such as PayPal, FedEx or others.

BitCoinrush Ransomware In Details

As soon as the dropper or drive-by download is activated on the computer, the ransomware may drop its payload in several key Windows folders under different names.

Then, BitCoinrush may get straight to the file encryption stage. This ransomware directly begins to encrypt files of many different formats. The files it may encrypt are videos, databases, archives and other file types, for example:

.PNG .PSD .TGA .THM .TIF .TIFF .YUV .AI .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .SAV
CAD Files: .DWG .DXF
GIS Files: .GPX .KML .KMZ
.ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX .INI .PRF
Encoded Files: .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .XML
Audio Files: .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA
Video Files: .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV
3D: .3DM .3DS .MAX .OBJ
.BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG
Source: fileinfo.com

After encrypting a file, BitCoinrush, interestingly enough, conceals the original and leaves behind a “part” type of file whose contents are all zero bytes. This puzzles malware researchers, since a partial file cannot be decrypted. The encoded files are named like the following:

{UNIQUE ALPHANUMERIC ID}.id-UNIQUE NUMBER-bitcoinrush@aol.comFilename.jpg
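For defenders triaging an affected machine, the two artefacts described above (the renamed files carrying the e-mail address and the zero-filled “part” files) are the simplest indicators to sweep for. The script below is an added example, not code from the article or from any researcher it mentions; the regular expression is this editor's reading of the naming template quoted above (an assumption, since real samples may place the pieces differently), and the file contents are constructed in memory so the script runs offline.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Naming template quoted in the article:
#   {UNIQUE ALPHANUMERIC ID}.id-UNIQUE NUMBER-bitcoinrush@aol.comFilename.jpg
# Assumption: an alphanumeric victim ID, ".id-", a numeric ID, "-", the e-mail
# address, and the original file name appended with no separator.
ENCRYPTED_NAME = re.compile(
    r"^(?P<victim_id>[A-Za-z0-9]+)\.id-(?P<number>[0-9]+)-"
    r"(?P<email>bitcoinrush@aol\.com)(?P<original>.+)$",
    re.IGNORECASE,
)


class EncryptedName(NamedTuple):
    victim_id: str
    number: str
    email: str
    original: str  # the file name as it was before encryption


def parse_encrypted_name(name: str) -> Optional[EncryptedName]:
    """Split a file name that follows the BitCoinrush template; None if it does not match."""
    m = ENCRYPTED_NAME.match(name)
    if not m:
        return None
    return EncryptedName(m["victim_id"], m["number"], m["email"].lower(), m["original"])


def is_zero_filled(data: bytes) -> bool:
    """True when a non-empty byte string consists only of 0x00 bytes (the 'part' artefact)."""
    return len(data) > 0 and data.count(0) == len(data)


def triage(files: Dict[str, bytes]) -> dict:
    """Classify an in-memory listing of name -> content into the two indicator groups."""
    encrypted: Dict[str, EncryptedName] = {}
    zero_parts: List[str] = []
    for name, data in files.items():
        parsed = parse_encrypted_name(name)
        if parsed is not None:
            encrypted[name] = parsed
        elif name.lower().endswith(".part") and is_zero_filled(data):
            zero_parts.append(name)
    return {
        "encrypted": encrypted,
        "zero_parts": zero_parts,
        # One victim normally yields a single ID; several IDs hint at multiple infections.
        "victim_numbers": sorted({p.number for p in encrypted.values()}),
    }


# Constructed sample listing (not real malware output): two renamed files, one
# zero-filled .part file, one benign .part file and one untouched document.
SAMPLE_FILES: Dict[str, bytes] = {
    "A1B2C3D4.id-1234567890-bitcoinrush@aol.comreport.docx": b"\x8f\x12\x7a\x03",
    "A1B2C3D4.id-1234567890-bitcoinrush@aol.comholiday.jpg": b"\x41\x9c\x00\x55",
    "report.docx.part": b"\x00" * 64,
    "archive.part": b"real archive data",
    "notes.txt": b"hello",
}

if __name__ == "__main__":
    result = triage(SAMPLE_FILES)
    for name, parsed in result["encrypted"].items():
        print(f"encrypted: {name} -> original '{parsed.original}', id {parsed.number}")
    for name in result["zero_parts"]:
        print(f"zero-filled part file: {name}")
    print("victim numbers seen:", result["victim_numbers"])
```

On a real system you would feed `triage` a walk over the user's profile and data shares (reading only the first few kilobytes of each candidate is enough for the zero check), and the recovered `original` names give you the list of files to look for in backups or shadow copies.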

Interestingly enough, BitCoinrush Ransomware adds no ransom notes at all, only the e-mail address, and once contacted the cyber-crooks behind it may open negotiations with the victim over the ransom payment. The payment is usually demanded in the cryptocurrency Bitcoin, and the cyber-criminals may provide instructions on how to use websites to convert money into BTC and send it to their unique Bitcoin account. Despite this, users are strongly advised not to make any type of payment to the criminals, and instead to try to negotiate the free decryption of at least one file under the pretext that it serves as a guarantee. That file may then be used together with a decryptor developed by malware researchers to revert your files for free.

Remove BitCoinrush Ransomware and Restore Encoded Files

To delete this virus completely, we strongly suggest you follow the removal instructions we have provided below. They also include photos to simplify the task of finding the malicious objects created by BitCoinrush Ransomware on your computer.

To try to restore files encrypted by BitCoinrush ransomware, direct decryption may not be your best bet. This is because the virus leaves .part files, similar to .PLC Ransomware. This is a new tendency and works as a defensive mechanism against file decryption software. This is why we suggest trying alternative methods, such as those in step “3. Restore files encrypted by BitCoinrush” below, to work around the riskier direct decryption path.

Manually delete BitCoinrush from your computer

Note! Important notice about the BitCoinrush threat: manual removal of BitCoinrush requires interfering with system files and the registry, so it can cause damage to your PC. Even if your computer skills are not at a professional level, don't worry: you can do the removal yourself in just 5 minutes using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove BitCoinrush files and objects.
2. Find malicious files created by BitCoinrush on your PC.
3. Fix registry entries created by BitCoinrush on your PC.

Automatically remove BitCoinrush by downloading an advanced anti-malware program

1. Remove BitCoinrush with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by BitCoinrush in the future
3. Restore files encrypted by BitCoinrush
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
