Hit by BitCrypt Ransomware, Solutions?

Example:

“Attention!!!
Your BitCrypt ID:
DRU-88-534567
All necessary files on your PC (photos, documents, data bases and other) were encoded with a unique RSA-100. Decoding of your files ins only possible by a special program that is unique for each BitCrypt ID. Specialist from the computer repair services and anti-virus labs won’t be able to help you. In order to receive the program decryptor you need to follow this link…
Remember, the faster you act the more chances to recover your files undamaged.”

BitCrypt is an encryption utility that would conceal all documents on a target machine within a bitmap image; whereupon, all files would manifest them with extra extensions, such as blabla.jpg.bitcrypt, or blabla.xls.bitcrypt. By encrypting files, BitCrypt ransomware could make profitable income for its author as 0.4 BTC (about $220) is required for each decipher.

BitCrypt Is Easily Broken?

There were some articles reporting that BitCrypt was easily broken since some big mistake had been found by the hacker and claiming that a 128-byte key (1024 bits) was planned to be generated, but instead a 128-digit number was finally generated. It seems to be exciting to hear that “the cado-nfs tool has been used to obtain the encryption key. The experts have also published a Python script that’s designed to restore the encrypted files”; however, words spread. The hacker got to learn about it and quickly pushed a second variant into the market to continue his/her work. One can easily see that the solution to the first variant fails.


How to Decipher Files from BitCrypt Ransomware?

Using decryptors (both BitCrypt and XoristDecryptor) from Kaspersky have been constantly recommended by many online technicians; however, VilmaTech Online Support will not recommend them any longer since numbers of practices had proven that none of them can recover the encrypted data.

What’s worse, there are plenty of methods to decode the base-64 key, it is hard to find the one that matches the one adopted by BitCrypt ransomware. It still needs time for senior technicians specialized in decryption to figure out the final solution.


Do Not Pay BitCrypt Ransomware

Most people would become desperate and prone to pay BitCrypt ransomware, especially the entrepreneurs owning trade secrets. Do not ever innocently that paying BitCrypt once would seek peace once and for all. You are dealing with cyber criminal. One payment would convince the cyber criminal that you are wealthy and would probably like to pay the next time.

What’ worse, BitCrypt is actually geared by Trojan with the capability of storing and transmitting in an undetectable manner. In other word, the encrypted data can be exposed to other spammers who are eager for the confidential information. By reselling the information, the cyber criminal behind BitCrypt ransomware can earn extra money. 

 



Attention: though there’s no solution yet to help decrypt files, it is recommended to take actions in removing its vicious code. People should notice that when the BitCrypt ransowmare stays longer, the computer start to be harassed by various issues:

1. Error messages would pop up unreasonably to report that something is missing or corrupt.
2. Hijacking or redirecting problems to drag down browsing speed.
3. Additional web applications, extensions, programs can be seen to install without permission to occupy limited resource.

All these are compromising security guard on the affected system. Delay in BitCrypt’s removal could lead to a zombie machine; also identity theft can happen due to malicious JS technology. Some would say that he/she would rather purchase a new machine. Well, that can be an option. But to think about this crazy Internet world, it is filled with FBI MoneyPak virus, Metropolitan Police virus, browser ransomware,  Cryptolocker, CryptoDefense etc. and it offers many ways to alleviate spreads such as drive-by downloads, JavaScript manipulation and visiting loosely programmed web sites. Therefore, it is not worth buying new computer after each hit by ransomware.

Below is the recommended instruction to help remove BitCrypt’s vicious code. Follow the instruction to help yourself. Meanwhile, use your patience to wait for thrilling solution in decryption. Should you encounter any difficulty when sticking to the following instruction, please do feel free to contact the recommended PC Technology Support Center and get on-to-one assistance instantly.

Remove BitCrypt Ransomware

1. create a new user account from Safe Mode with Command Prompt.

Windows 7/XP/Vista

1. Cold restart the system and keep tapping on "F8 key" as the computer is booting.
2. Highlight "Safe Mode with Command Prompt" option when "Windows Advanced Options Menu" prompts up.
3. Press Enter key to type “explorer.exe” and hit Enter key again for another desktop.
4. Go to Control Panel and create a new user account with admin rights:

Windows 7 - User Accounts and Family Safety > User Accounts > ‘Manage another account’ > ‘Create a new account’ > tick ‘Administrator’ > press Create Account button.

Windows XP - ‘User Account’ > ‘Create a new account’ > Type a name for the new user account > press ‘Next’ > tick ’Computer administrator’ > press ‘Create Account’.

Windows Vista - ‘Add or Remove User Accounts’ > ‘Create a New Account’ > Enter an account name > tick ’Computer administrator’ > click ‘Create Account button’

Windows 8

1. Cold restart the system.
2. Hold down shift key and keep tapping F8 functional key together to select Troubleshoot with arrow keys.
3. Select Advanced options then and hit Restart button at the right bottom of the screen.
4. Please hit F6 to get into safe mode with command prompt.
5. Type “explorer.exe” then and hit Enter key again for another desktop.
6. Double click on ‘Control Panel’ on another start screen.
7. Click on ‘Add a user’ under ‘Users’ which is on the left pane.
8. If Windows Live id is available, use it to create a new account.
9. Otherwise, click on ‘More about logon options’ to fill in the given form
10. Then follow the on-screen hint to finish creating a user account with admin rights.

2. navigate to the following directories and remove all temp files.

C:\Documents and Settings\administor user name\Local Settings\Temp
C:\Windows\Temp
C:\Documents and Settings\current user name \Local Settings\temp\
C:\Documents and Settings\user name\Local Settings\Temporary Internet Files 

3. show hidden files and folders to remove BitCrypt ransomware in local disk.

Find and remove some strange files with unreasonable name such as [random number]/[random letter].exe in roaming folder under C:\Windows and C:\Windows\system32.

%Program Files%\ random
%AppData%\Protector-[rnd].exe
%AppData%\Inspector-[rnd].exe
%appdata%\bitcrypt.ccw

4. access Database to remove the items generated by BitCrypt.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random].exe
HKEY_LOCAL_MACHINE\SOFTWARE\ BitCrypt virus
HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\Policies\System ‘DisableRegistryTools’ = 0