Bitx Ransomware

What is Bitx Ransomware?

Careless moves online can lead to the invasion of all kinds of malware. Bitx Ransomware is an infection that could do the same. These careless moves might include failure to install updates in time, to recognize malicious downloaders/installers, and to identify spam emails containing malware files. If you are inexperienced and gullible, you are more likely to become a victim of this malware. Of course, even if you are more cautious, malware could find a way into your operating system if you do not protect it appropriately. Once inside the system, the threat encrypts personal files, and then the “.id-{unique ID code}.[1btc@qbmail.biz].bitx” extension is added to their names. Should you remove this extension? Do not bother with that. What you need to do is delete Bitx Ransomware, but, unfortunately, even this will not restore your personal files. In fact, it is possible that you will not be able to recover them. Have you found a tool that promises to decrypt files for free? If you have, research it thoroughly and carefully.

How does Bitx Ransomware work?

Bitx Ransomware comes from the Crysis-Dharma Ransomware family, and it has many clones, some of which include Dharma-Ninja Ransomware, Nvram Ransomware, and Deal Ransomware. Even if they are controlled by different parties, they are pretty much identical. After execution, they quickly encrypt files and attach extensions. These extensions always include unique ID codes (new code for every victim) and an email address associated with the attacker. Once files are encrypted, additional files are dropped. The malicious Bitx Ransomware creates a file named “FILES ENCRYPTED.txt” in every affected folder. The message reads: “all your data has been locked us You want to return? write email 1btc@qbmail.biz or getdecoding@protonmail.com.” The second file that this malware creates is called “Info.hta,” and it is dropped to %APPDATA% and %WINDIR%\System32\ directories as well as the Startup folder. This file launches a window that has an email address presented as its title – “1btc@qbmail.biz.” We suggest closing the window immediately because the message delivered using it could be highly misleading.
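
The naming pattern and the per-folder ransom note described above are enough to scope which folders need restoring from backups. The following PowerShell is an added example, not part of the original article; the function names are hypothetical, and it assumes the unique ID code contains no dots.

```powershell
# Added example: read-only inventory of files renamed by Bitx Ransomware.
# Pattern from the article: <original name>.id-<unique ID>.[1btc@qbmail.biz].bitx
# Assumption: the unique ID code contains no dots.
$BitxPattern = '^(?<Original>.+)\.id-(?<Id>[^.]+)\.\[(?<Email>[^\]]+)\]\.bitx$'

function Get-BitxEncryptedFile {
    # Emits one object per file whose name matches the appended extension.
    param([Parameter(Mandatory)][string]$Root)

    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($_.Name -match $BitxPattern) {
                [pscustomobject]@{
                    Folder       = $_.DirectoryName
                    OriginalName = $Matches.Original   # name before the extension was added
                    VictimId     = $Matches.Id
                    ContactEmail = $Matches.Email
                    SizeBytes    = $_.Length
                }
            }
        }
}

function Get-BitxFolderSummary {
    # Groups the hits by folder and records whether the ransom note is present.
    param([Parameter(Mandatory)][string]$Root)

    Get-BitxEncryptedFile -Root $Root | Group-Object Folder | ForEach-Object {
        [pscustomobject]@{
            Folder         = $_.Name
            EncryptedFiles = $_.Count
            TotalBytes     = ($_.Group | Measure-Object SizeBytes -Sum).Sum
            RansomNote     = Test-Path -LiteralPath (Join-Path $_.Name 'FILES ENCRYPTED.txt')
            VictimIds      = ($_.Group.VictimId | Sort-Object -Unique) -join ','
        }
    }
}

# Example run against the current user's profile; nothing is modified.
Get-BitxFolderSummary -Root $env:USERPROFILE | Format-Table -AutoSize
```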

The attackers behind Bitx Ransomware are using the .hta file to inform you that you are expected to pay a ransom in Bitcoins to have a decryption tool sent to your email. You are supposed to contact the attackers so that they could provide you with payment details, but we do not recommend doing that due to the risk of being exposed to new scams via your inbox. If you want to see what the attackers want from you, create a new email account and then remove it from existence. Do NOT click any links or open any files that the attackers might send you. Unfortunately, Bitx Ransomware encrypts personal files, and if they cannot be replaced using backups, some victims might feel pushed into a corner. Well, even if you decide that you can afford the ransom payment, you should not pay it because you are unlikely to get anything from the attackers. This entire ordeal is likely to be a scam to trick you into giving away money, and your personal files are just collateral damage.

How to delete Bitx Ransomware

Although it is clear that removing Bitx Ransomware is necessary, the removal process is not so clear. That is mostly due to the fact that the launcher file could be anywhere inside your operating system. It could exist on the Desktop, or it could exist in some obscure subfolder deep within another folder. If we could provide you with clear instructions on how to locate and delete this file, we definitely would do that, but we cannot. That means that manual removal might not work for everyone. Luckily, legitimate anti-malware software can always be used to assist with the elimination of malware. Even better, this software can help with protection against malicious threats in the future. Note that if you do not take care of protection, you might face new file-encryptors and other kinds of malware soon. Also, do not forget to always create copies of your personal files. Store them online or on external drives, and you will never be at risk of losing your personal files.

Removal Guide

  1. Right-click the malicious file that executed the threat and select Delete.
  2. Right-click the file named FILES ENCRYPTED.txt and select Delete (might have copies).
  3. Launch Explorer (tap keys Win+E) and enter the following lines into the quick access field:
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %APPDATA%
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %LOCALAPPDATA%
    • %WINDIR%\System32\
  4. Right-click and Delete files Info.hta and [unknown name].exe.
  5. Launch Run (tap keys Win+R) and enter regedit into the box to launch Registry Editor.
  6. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  7. Right-click and Delete the {random name} values linked to the Info.hta and [unknown name].exe files.
  8. Exit Registry Editor and Explorer and then Empty Recycle Bin.
  9. Install a trustworthy malware scanner and use it to scan your system for leftovers.
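
Before deleting anything by hand, the locations and the Run key from the guide can be checked in one pass. The following PowerShell is an added example, not part of the original guide; it only reads, the function names are hypothetical, and the Authenticode status is included purely as triage context.

```powershell
# Added example: read-only check of the locations named in the Removal Guide.
# Nothing is deleted; flagged items are candidates for review, not verdicts.
$Dirs = @(
    '%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\',
    '%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\',
    '%APPDATA%',
    '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\',
    '%LOCALAPPDATA%',
    '%WINDIR%\System32\'
) | ForEach-Object { [Environment]::ExpandEnvironmentVariables($_).TrimEnd('\') }

function Find-InfoHta {
    # Step 4: copies of Info.hta sitting directly in the listed folders.
    foreach ($dir in $Dirs) {
        $file = Join-Path $dir 'Info.hta'
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            Get-Item -LiteralPath $file -Force |
                Select-Object FullName, Length, CreationTime
        }
    }
}

function Get-SuspectRunValue {
    # Steps 6-7: HKLM Run values that reference Info.hta, or that start an
    # .exe located directly in one of the listed folders.
    $key = Get-Item -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        $exe  = if ($data -match '^\s*"?(?<Path>[^"]+?\.exe)') { $Matches.Path }
        $inListedDir = $exe -and ($Dirs -contains (Split-Path -Parent $exe))
        if ($data -match 'Info\.hta' -or $inListedDir) {
            $sig = if ($exe -and (Test-Path -LiteralPath $exe)) {
                (Get-AuthenticodeSignature -LiteralPath $exe).Status
            }
            [pscustomobject]@{
                ValueName = $name
                Data      = $data
                Signature = $sig   # Authenticode status of the target executable
            }
        }
    }
}

Find-InfoHta | Format-Table -AutoSize
Get-SuspectRunValue | Format-List
```

Legitimate Windows components also register executables from System32 under this Run key, so compare each flagged value against the file's signature and creation time before removing it.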
