Remove KeyBTC Ransomware and Restore .keybtc@inbox_com Encrypted Files


An old ransomware seems to have emerged once again. It is known as KeyBTC because it appends the extension .keybtc@inbox_com to encrypted files. To remove the ransomware and see whether you can restore your files, read this article carefully from start to finish.

Threat Summary

Name: KeyBTC
Type: Ransomware
Short Description: The ransomware encrypts files with RSA/PGP algorithms and asks for payment via email.
Symptoms: Specific file types are encrypted. Two files are created on the user’s desktop – File1.bin and File2.bin – along with a .txt file with instructions for paying the ransom.
Distribution Method: Spam Emails, Email Attachments

KeyBTC Ransomware – Distribution Methods

KeyBTC ransomware is distributed through spam emails that look like legitimate postal or shipment notifications. The emails cannot infect your PC by themselves, but they carry file attachments with the ransomware inside. The attachments are .zip archives, and the contents of those archives are JavaScript files disguised as normal Word documents.

It is unknown whether exploit kits or social media are also used to distribute this ransomware, but it is a possibility. File sharing services might contain such files as well. If something looks suspicious and you are not one hundred percent sure of its origin, do not open it. At least that is the general rule of thumb.
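A mail-filtering check for the attachment pattern described above, written as an added example (it is not code from the original article or from any KeyBTC analysis). The function names, the document-extension list and the inclusion of .jse are assumptions; the sample archive is constructed in memory and contains only inert text.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Script types Windows Script Host runs on double-click. The article names only
# JavaScript; .jse (encoded JScript) is added here as an assumption.
SCRIPT_EXTS = {".js", ".jse"}
# Document extensions a lure might imitate (assumed list, not from the article).
DECOY_EXTS = {".doc", ".docx", ".pdf", ".rtf", ".xls", ".xlsx"}


def flag_zip_attachment(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for every script found in a ZIP attachment."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<attachment>", "not a readable ZIP archive")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots and spaces from names, so ignore them.
            name = PurePosixPath(info.filename.replace("\\", "/")).name.rstrip(". ")
            suffixes = [s.strip().lower() for s in PurePosixPath(name).suffixes]
            if not suffixes or suffixes[-1] not in SCRIPT_EXTS:
                continue
            if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
                findings.append((info.filename, "script disguised as a document"))
            else:
                findings.append((info.filename, "script file in archive"))
    return findings


def constructed_sample() -> bytes:
    """Build a harmless in-memory ZIP (constructed sample, inert contents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Shipment_Notice.doc.js", "// inert placeholder")
        z.writestr("readme.txt", "plain text")
        z.writestr("tracking.JS", "// inert placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in flag_zip_attachment(constructed_sample()):
        print(f"{member}: {reason}")
```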

KeyBTC Ransomware – Description

The KeyBTC malware is a known ransomware. Reportedly, it used to target only Russian-speaking countries, but in late 2014 it began infecting users worldwide. Still circulating to this day, it is not one of the most dangerous ransomware types, but it is quite effective. KeyBTC might have evolved since then and may try to create entries in the Windows Registry, as other ransomware does. This is done to maintain persistence, so that the malware loads with each boot of the Windows OS.

What makes this ransomware effective and still viable to this day is that it encrypts important files of the types that are still most commonly used to store personal information. In addition, everything except the public encryption key is known only to the malware maker and is not sent anywhere.

KeyBTC puts all encrypted files inside two other files, which are stored on the user’s computer. They are given these simple names:

  • File1.bin
  • File2.bin

A third file is created, containing the ransomware instructions. The file is named READ, in capital letters. The instructions state:


All your documents, photos, databases and other important personal files were encrypted using strong RSA-1024 algorithm with a unique key. If you want to restore your files please follow the instructions:
1. Send email to keybtc_@_inbox.com, with the following files in attachment:
– FILE1.BIN and FILE2.BIN files (check your desktop and local disks to find these files or just use Windows Search.
– One of your encrypted personal file for test decryption. Supported types: DOC/DOCX, JPG/JPEG, PDF. Maximum file size: 3 Mb.
2. Wait for email from us containing:
– Your decrypted file, proving that we can really help you.
– Decryption price and payment details.
3. Make payment.
4. Receive decryption key and detailed instructions how to decrypt your files.
– You must contact us in 24 hours, unless the price will rise.
– Nobody can help you except us. It is useless to reinstall Windows, rename files, etc.
– Your files will be decrypted as quick as you contact us and make payment.

If you have any question, please feel free to ask.

Contact email: keybtc_@_inbox.com

Paying the ransom is strongly discouraged. You might still be unable to unlock your files in the end, and the cyber crooks might not contact you back at all. Payment could also encourage them to make the ransomware tougher.

The KeyBTC ransomware is quite selective, as it scans infected computers for only 17 file types. Nonetheless, these are still the file types most widely used by Windows users on a global scale. The encryption combines PGP and RSA and is carried out with free, open-source software. For the time being, this is the known list of extensions which are encrypted:

.pdf, .rtf, .accdb, .slddrw, .zip, .rar, .max, .jpg, .mdb, .xls, .xlsx, .doc, .docx, .cdr, .dwg, .1cd, .cd

After the encryption, all files have the extension .keybtc@inbox_com, which is also the email address you are instructed to use to contact the ransomware creators. Shadow Volume Copies might not be of much use here, as files are not only encrypted but also put into the .bin files mentioned earlier, rather than deleted as other ransomware types tend to do.
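A triage script that sweeps a folder tree for the file-system indicators described above (the appended extension, File1.bin and File2.bin, and the READ instructions file) and tallies which of the 17 listed file types were affected. This is an added example, not part of the original article; the function names and the rule that the note's name starts with READ and ends in .txt are assumptions, and the sample tree consists of empty, constructed files.

```python
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".keybtc@inbox_com"      # extension named in the article
BIN_NAMES = {"file1.bin", "file2.bin"}      # compared case-insensitively
# The 17 targeted extensions listed in the article.
TARGETED = {".pdf", ".rtf", ".accdb", ".slddrw", ".zip", ".rar", ".max", ".jpg",
            ".mdb", ".xls", ".xlsx", ".doc", ".docx", ".cdr", ".dwg", ".1cd", ".cd"}


def scan_for_keybtc(root: Path) -> dict:
    """Walk root and collect the file-system indicators the article describes."""
    report = {"encrypted": [], "bin_files": [], "notes": [], "by_type": Counter()}
    for path in root.rglob("*"):
        try:
            if not path.is_file():
                continue
        except OSError:          # unreadable entry: skip it, keep scanning
            continue
        lower = path.name.lower()
        if lower.endswith(ENCRYPTED_SUFFIX):
            report["encrypted"].append(path)
            # Original type = the extension left once the appended one is cut off.
            original = Path(path.name[: -len(ENCRYPTED_SUFFIX)]).suffix.lower()
            report["by_type"][original if original in TARGETED else "other"] += 1
        elif lower in BIN_NAMES:
            report["bin_files"].append(path)
        # Assumption: the note's name starts with READ and ends in .txt.
        elif path.name.startswith("READ") and lower.endswith(".txt"):
            report["notes"].append(path)
    return report


def build_constructed_tree(root: Path) -> None:
    """Create empty, harmless files that mimic the indicators (constructed sample)."""
    names = ["Desktop/File1.bin", "Desktop/FILE2.BIN", "Desktop/READ.txt",
             "Docs/budget.xlsx.keybtc@inbox_com", "Docs/scan.JPG.keybtc@inbox_com",
             "Docs/notes.txt", "Docs/plan.docx"]
    for name in names:
        target = root / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()
```

Run `scan_for_keybtc` against a user profile or a mounted backup; the `by_type` tally shows at a glance which document types need restoring.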

Remove KeyBTC Ransomware and Restore .keybtc@inbox_com Encrypted Files

If your PC is infected by the KeyBTC ransomware, you should have a bit of experience with removing malware. You should remove the malware, as it might reach other files if you connect to a network or an external storage device. The recommended course of action is to remove the ransomware by following the step-by-step instructions provided below.

Manually delete KeyBTC from your computer

Note! Manual removal of KeyBTC requires changes to system files and the registry, so it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove KeyBTC files and objects.
2. Find malicious files created by KeyBTC on your PC.
3. Fix registry entries created by KeyBTC on your PC.

Automatically remove KeyBTC by downloading an advanced anti-malware program

1. Remove KeyBTC with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by KeyBTC in the future
3. Restore files encrypted by KeyBTC
Optional: Using Alternative Anti-Malware Tools

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming of a more secure cyberspace.
