Ransomware variant belonging to the notorious ID kind has been detected out in the wild by security experts. The virus is associated with the e-mail [email protected] since it uses it as the extension and the only mean of communicating with the victims, since BitCoinrush does not drop any what so ever ransom notes or instructions, leaving contacting the e-mail address the only option for victims. No matter how bad the situation may be, it is strongly advised not to pay any ransom money to cyber-criminals behind the BitCoinrush ransomware virus, since researchers are working on a free decrypter for this family of ransomware viruses. Instead of paying we strongly advise you to read this article, learn more about BitCoinrush Ransomware, remove it and try to restore the “id” encoded files.
Threat Summary
| Name | BitCoinrush |
| Type | Ransomware |
| Short Description | The BitCoinRush ransomware uses strong cipher to encrypt files and separate them in two parts. |
| Symptoms | BitCoinrush will lock all of the files with a custom file extension which contains the e-mail [email protected] and unique ID of the victim. Encrypted files can no longer be accessed. |
| Distribution Method | Spam Emails, Email Attachments, Suspicious Sites |
| Detection Tool | See If Your System Has Been Affected by BitCoinrush Download Malware Removal Tool |
| User Experience | Join Our Forum to Discuss BitCoinrush Ransomware |
| Data Recovery Tool | Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive. |
How Does BitCoinrush Ransom Virus Replicate
In order to infect victim PCs, this virus may choose amongst several different tools:
- Spam bots or spamming services.
- Payload droppers or other malware.
- Malware obfuscators otherwise known as cryptors that hide the malware from AntiVirus software.
- Manual spamming methods (e-mail, comments, forums, social media).
The cyber-criminals behind BitCoinrush tend to spend a lot of money to conceal themselves and to purchase malware of the highest quality. Here comes the term RaaS (Ransomware-as-a-Service) which means that this virus may be sold on the deep web for prices ranging from hundreds to the thousands of dollars.
The malware is then modified, and its payload is obfuscated via the above-mentioned tools. The most often method of spreading it is via spam e-mails which resemble a product, service or a person, the user may be familiar with, like PayPal, FedEx or others.
BitCoinrush Ransomware In Details
As soon as the dropper or drive-by download is activated on the computer, the ransomware may drop its payload In several key Windows folders under different names, for example:
Then, BitCoinrush may get straight to the file encryption point. This ransomware directly begins to encipher files of different file formats. The files it may encrypt are Videos, Databases, Archives and other file extensions, for example:
After it encrypts the files, BitCoinrush interestingly enough conceals the original file after which leaves a “part” type of file whose hex is full of zeroes, which is a mystery to malware researchers since you cannot decrypt a partial file. The encoded files look like the following:
Interestingly enough there are no new ransom notes added by BitCoinrush Ransomware, only the e-mail address in which upon contact, the cyber-crooks behind it may initiate negotiations for the ransom payoff with the victim. The payoff is usually conducted in the cryptocurrency BitCoins to which the cyber-criminals may provide instructions on how to use websites to convert money in BTC and send them to their unique BitCoin account. Despite this, users are strongly advised not to make any type of payment to criminals and try and negotiate the free decryption of at least one file under the pretext it is a guarantee. This file may then be used in combination with decryptor developed by malware researchers which can revert your files for free.
Remove BitCoinrush Ransomware and Restore Encoded Files
To delete this virus in full, we strongly suggest you guide yourself by the removal instructions which we have kindly provided below. They also include photos to simplify the task of finding malicious objects created by BitCoinrush Ransomware on your computer.
To try and restore files encrypted by BitCoinrush ransomware, direct encryption may not be your best bet. This is because this virus has .part files similar to .PLC Ransomware. This is a new tendency which is a defensive mechanism against file decryption software. This is why we suggest trying alternative methods like the ones we suggested in step “3. Restore files encrypted by BitCoinrush” below to try and go around the riskier direct decryption path.
Manually delete BitCoinrush from your computer
Note! Substantial notification about the BitCoinrush threat: Manual removal of BitCoinrush requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.
1. For Windows 7,XP and Vista.
2. For Windows 8, 8.1 and 10.
Automatically remove BitCoinrush by downloading an advanced anti-malware program
1. Install SpyHunter to scan for and remove BitCoinrush.
1. For Windows 7 and earlier
STOPZilla Anti Malware
