What is Bitsran?

Bitsran is a malicious infection that doesn’t work alone. Trojans like this one are often just components of a larger attack, and their presence signals the onset of a far more dangerous infection. As far as we know, this Trojan component is part of the Hermes Ransomware infection, and it might be the first step in the entire attack chain. It is essential to detect and remove Bitsran before it manages to launch the file-encrypting infection. Although it is possible to do that manually, we would strongly recommend using an automated antispyware tool that would help you terminate all the malware components at once.

Where does Bitsran come from?

Security researchers suggest that Bitsran is a Trojan component that is used by the Lazarus hacking group. Please note that the same malware component and the same attack group might have several names depending on the security research team that analyses them. Hence, Bitsran is also known as ShadyCat, and the Lazarus attack team is also called the APT38 hacking group. If you come across these different names, be aware that they refer to the same subjects.

Likewise, the same hacking group might employ several Trojan infections. As far as Bitsran is concerned, it was first spotted in 2017. The hacking group behind the attacks seems to be very specific about its targets because the first attack was carried out against the Far Eastern International Bank in Taiwan. However, Asian organizations are not the only ones that were affected by this hacking group. There have also been reports that Bitsran infected banks in Mexico and Poland.

It is widely believed that the Lazarus group refers to a team of hackers from North Korea. North Korean hackers are thought to be backed by the North Korean government. Therefore, it is not surprising that the hacking team mostly aims for particular targets like banks, government institutions, and other important organizations.

It also means that a regular home user is unlikely to be affected by Bitsran and the other malware that might arrive with it. Nevertheless, anyone who works at a big organization should be aware of the potential cybersecurity threats posed by such hacker groups. The problem here is that computers in one organization are usually connected in one big network. Thus, infecting one computer on the network might eventually result in the infection spreading across other systems.

What does Bitsran do?

As mentioned, Bitsran is associated with Hermes Ransomware. Hence, the Trojan itself might not have that many functions, but once it is launched, it could connect to a remote server and download the second payload on the target system.

Also, let’s not forget that Trojans are often used in cyber espionage schemes. If Bitsran has the capability to function as an espionage tool, it could easily receive commands from its command-and-control (C2) server, and this dangerous infection could work in the background of your system for quite some time before it is even detected. Thus, apart from focusing on the removal (which is definitely something you have to do), it is also very important to learn how the likes of Bitsran spread, so that you can stop similar infections.

It probably goes without saying that most Trojan infections reach their victims through spam emails. What makes this frustrating is that it is the victims themselves who launch the malicious installers. When someone works at a government organization, they must deal with countless emails and documents every single day, and a spam email with a dangerous attachment might just slip through accidentally. To avoid that, it is strongly recommended to scan all received files before opening them.

How do I remove Bitsran?

If you haven’t been infected by a ransomware program yet, you can obviously remove Bitsran manually. However, if a corporate computer system was attacked by this program, it would be for the best to leave it for your IT or Security departments. Also, make sure that your computer has the latest antispyware tools that would protect your data from similar intruders in the future. But let’s not forget that your own behavior online and the way you deal with unfamiliar files matter just as much when it comes to cybersecurity.

Manual Bitsran Removal

  1. Press Win+R and type %TEMP%. Click OK.
  2. Delete bitsran.exe and the RSW[4 random symbols].tmp file.
  3. Press Win+R and type regedit. Click OK.
  4. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
  5. On the right side, right-click and delete malware-associated values.
  6. Run a full system scan with a security tool of your choice.
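As an added example (not part of the original article), the PowerShell audit below checks the two locations the manual steps name and only reports what it finds, so the decision on each item stays with you or your IT department. The `RSW????.tmp` wildcard for "RSW[4 random symbols].tmp" and the extra WOW6432Node Run key are assumptions.

```powershell
# Added example, not from the original article: audit (do not delete) the
# artifacts named in the manual removal steps. Run in PowerShell 5.1 or later.
$tempDir  = $env:TEMP
$runKeys  = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'  # assumption: 64-bit hosts
)
$findings = @()

# Steps 1-2: files dropped in %TEMP%. "RSW????.tmp" is an assumed wildcard
# for the RSW[4 random symbols].tmp name given in the steps.
foreach ($pattern in @('bitsran.exe', 'RSW????.tmp')) {
    Get-ChildItem -Path $tempDir -Filter $pattern -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $findings += [pscustomobject]@{
                Kind   = 'File'
                Where  = $_.FullName
                Detail = 'size={0} modified={1:u}' -f $_.Length, $_.LastWriteTime
            }
        }
}

# Steps 3-5: Run values. Flag any value whose command references the artifacts
# above, or anything under %TEMP% at all (an autostart from TEMP is itself suspicious).
$suspect = '(?i)(bitsran\.exe|\\RSW[^\\]{4}\.tmp|' + [regex]::Escape($tempDir) + ')'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' }   # drop PSPath/PSParentPath/etc.
    foreach ($p in $props) {
        $cmd = [string]$p.Value
        if ($cmd -match $suspect) {
            $findings += [pscustomobject]@{
                Kind   = 'RunValue'
                Where  = "$key\$($p.Name)"
                Detail = $cmd
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Host "No Bitsran artifacts found in $tempDir or the Run keys checked."
} else {
    $findings | Format-Table -AutoSize
    Write-Host 'Review each entry; remove only after confirming it is not legitimate.'
}
```

Reading HKLM does not need elevation, but deleting a Run value afterwards does, so run the follow-up removal from an elevated prompt.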
