Remove KeyBTC Ransomware and Restore .keybtc@inbox_com Encrypted Files - How to, Technology and PC Security Forum | SensorsTechForum.com

Remove KeyBTC Ransomware and Restore .keybtc@inbox_com Encrypted Files

An old ransomware seems to have emerged once again. It is named KeyBTC after the extension it appends to encrypted files, .keybtc@inbox_com. To remove the ransomware and see if you can restore your files, read this article carefully.

Threat Summary

Name: KeyBTC
Type: Ransomware
Short Description: The ransomware encrypts files with RSA/PGP algorithms and asks for payment via email.
Symptoms: Specific file types are encrypted. Two files are created on the user’s desktop – File1.bin and File2.bin along with a .txt file with instructions for paying the ransom.
Distribution Method: Spam Emails, Email Attachments

KeyBTC Ransomware – Distribution Ways

KeyBTC ransomware is distributed with the help of spam emails that look like legitimate postal or shipment notifications. The emails cannot infect your PC on their own, but they carry file attachments with the ransomware inside. The attachments are .zip archives. The contents of those archives are JavaScript files disguised as normal Word documents.

It is unknown if exploit kits or social media are used to further help in the distribution of this ransomware, but it is a possibility. File sharing services might contain such files as well. If something looks suspicious and you are not one hundred percent sure of its origin, do not open it. At least that is the general rule of thumb.
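A mail-gateway style check for the attachments described above, as an added example that is not part of the original article. It assumes the disguise is a document-like name in front of the real script extension (for example `.doc.js`); the extension lists and function names are illustrative.

```python
import io
import zipfile

# Assumption: script types that Windows Script Host runs on double-click.
SCRIPT_EXTS = {".js", ".jse", ".wsf", ".vbs"}
# Assumption: document-like name segments used as a decoy before the real extension.
DECOY_EXTS = {".doc", ".docx", ".rtf", ".pdf"}


def inspect_archive(data):
    """Return one finding per script member of a zip attachment held in memory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces, so strip them first.
            base = info.filename.rsplit("/", 1)[-1].lower().rstrip(". ")
            stem, dot, ext = base.rpartition(".")
            if dot + ext not in SCRIPT_EXTS:
                continue
            # Any earlier name segment that looks like a document extension.
            inner = [part.strip() for part in stem.split(".")[1:]]
            disguised = any("." + part in DECOY_EXTS for part in inner)
            findings.append({"member": info.filename, "disguised": disguised})
    return findings


def verdict(data):
    """Map findings to a gateway decision: block, review, or pass."""
    try:
        findings = inspect_archive(data)
    except zipfile.BadZipFile:
        return "review"  # not a readable zip: hand it to an analyst
    if any(finding["disguised"] for finding in findings):
        return "block"
    return "review" if findings else "pass"


def make_zip(names):
    """Build a constructed in-memory zip with harmless placeholder members."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name in names:
            archive.writestr(name, "constructed placeholder")
    return buffer.getvalue()


if __name__ == "__main__":
    print(verdict(make_zip(["Delivery_Notification.doc.js"])))
```

Plain scripts inside an archive are sent to review rather than blocked, since legitimate archives can contain them.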

KeyBTC Ransomware – Description

The KeyBTC malware is a known ransomware. The legend goes that it used to target only Russian-speaking countries. Alas, in late 2014 it began infecting users worldwide. Still circulating to this day, it is not one of the most dangerous ransomware types, but it is quite effective. Nowadays KeyBTC might have evolved and might try to make entries in the Windows Registry, as other ransomware does. This maneuver is done to keep the malware persistent by loading it with each boot of the Windows OS.

What makes this ransomware effective and still viable to this day is that it encrypts important files of the types most commonly used to store personal information. Another factor is that everything except the public encryption key is never sent anywhere and is known only to the malware maker.

KeyBTC will put all encrypted files inside two other files which are stored in the user’s computer. They are given these simple names:

  • File1.bin
  • File2.bin

A third file is created, containing the ransom instructions. The file is named READ, in capital letters. The instructions state:

ATTENTION:

All your documents, photos, databases and other important personal files were encrypted using strong RSA-1024 algorithm with a unique key. If you want to restore your files please follow the instructions:
1. Send email to [email protected]_inbox.com, with the following files in attachment:
– FILE1.BIN and FILE2.BIN files (check your desktop and local disks to find these files or just use Windows Search.
– One of your encrypted personal file for test decryption. Supported types: DOC/DOCX, JPG/JPEG, PDF. Maximum file size: 3 Mb.
2. Wait for email from us containing:
– Your decrypted file, proving that we can really help you.
– Decryption price and payment details.
3. Make payment.
4. Receive decryption key and detailed instructions how to decrypt your files.
IMPORTANT:
– You must contact us in 24 hours, unless the price will rise.
– Nobody can help you except us. It is useless to reinstall Windows, rename files, etc.
– Your files will be decrypted as quick as you contact us and make payment.

If you have any question, please feel free to ask.

Contact email: [email protected]_inbox.com

Paying is strongly discouraged. You might not be able to unlock your files in the end, and the cyber crooks might not contact you back at all. Payment could also serve as an inspiration to them to make the ransomware tougher.

The KeyBTC ransomware is quite specific, as it scans infected computers for only 17 file types. Nonetheless, these are still the file types most widely used by Windows users on a global scale. The encryption is a combination of PGP and RSA, achieved with free and open source software. For the time being, this is the known list of extensions which are encrypted:

.pdf, .rtf, .accdb, .slddrw, .zip, .rar, .max, .jpg, .mdb, .xls, .xlsx, .doc, .docx, .cdr, .dwg, .1cd, .cd

After the encryption, all files have the extension .keybtc@inbox_com, which is also the email you are instructed to use to contact the ransomware creators. Shadow Volume Copies might not be of much use here, as files are not only encrypted but also put into the .bin files mentioned earlier, and are not deleted as other ransomware types tend to do.

Remove KeyBTC Ransomware and Restore .keybtc@inbox_com Encrypted Files

If your PC is infected by the KeyBTC ransomware, you should have a bit of experience with removing malware. You should consider removing the malware, as it might reach other files if you connect to a network or an external storage device. The recommended course of action is to remove the ransomware by following the step-by-step instructions provided below.


To remove KeyBTC follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove KeyBTC files and objects
2. Find files created by KeyBTC on your PC

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by KeyBTC
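For step 2, a read-only triage script that walks a folder and groups the artifacts this article names (File1.bin, File2.bin, the READ note, and files carrying the .keybtc@inbox_com extension). It is an added example, not a tool from the article; the note file name `READ.txt` and the sample tree are assumptions constructed for the demo.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article text.
SUFFIX = ".keybtc@inbox_com"
CONTAINERS = {"file1.bin", "file2.bin"}
TARGETED = {".pdf", ".rtf", ".accdb", ".slddrw", ".zip", ".rar", ".max", ".jpg",
            ".mdb", ".xls", ".xlsx", ".doc", ".docx", ".cdr", ".dwg", ".1cd", ".cd"}


def triage(root):
    """Walk root and group KeyBTC artifacts by kind (nothing is modified or deleted)."""
    found = {"containers": [], "notes": [], "encrypted": [], "by_type": Counter()}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            lower = name.lower()
            if lower in CONTAINERS:
                found["containers"].append(path)
            elif lower.endswith(SUFFIX):
                found["encrypted"].append(path)
                # Extension the file had before the suffix was appended.
                original_ext = os.path.splitext(lower[: -len(SUFFIX)])[1]
                if original_ext in TARGETED:
                    found["by_type"][original_ext] += 1
            elif os.path.splitext(lower)[0] == "read" and lower.endswith(".txt"):
                # Assumption: the note is READ.txt; the article gives "READ" and ".txt".
                found["notes"].append(path)
    return found


def build_sample(root):
    """Constructed sample tree for the demo; not real malware output."""
    for rel in ("Desktop/File1.bin", "Desktop/File2.bin", "Desktop/READ.txt",
                "Docs/report.docx" + SUFFIX, "Docs/scan.pdf" + SUFFIX, "Docs/notes.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(b"constructed sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = triage(tmp)
        for kind in ("containers", "notes", "encrypted"):
            print(kind, len(result[kind]))
        print(dict(result["by_type"]))
```

The per-extension counts show which of the 17 targeted file types were hit, which helps decide what to look for in backups.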

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.
