BTCWare-PayDay Ransomware

Posted by Max Lehmann on November 6, 2017

What is BTCWare-PayDay Ransomware?

The BTCWare-PayDay ransomware is a malicious computer threat that stealthily gets on the computer and encrypts files of different formats. Upon encryption, the threat shows a ransom warning in a browser window. According to the warning you have to pay a ransom to have your data restored, but you should note that after receiving the money demanded, attackers do not tend to recover users' data. The possibility of having your files recovered by the attackers is close to zero, and our team at Anti-Spyware-101.com recommends that you take action to remove the BTCWare-PayDay ransomware from the computer.test

How does the BTCWare-PayDay ransomware work?

The BTCWare-PayDay ransomware encrypts files and appends an additional extension. When analyzing the infection, it has been observed that the threat is programmed to add different extensions which differ in the email address given in the extension. For examples, files might have the extensions . [payday@cryptmaster.info]-id-140.payday, .[keyforyou@tuta.io]-id-0.payday, .[payday@cryptmaster.info]-id-140.payday, and some other similar ones. As you can see, only the email address in the square brackets can differ.

A typical ransomware infection creates a .txt file containing a ransom message on the desktop. In the case with the BTCWare-PayDay ransomware, no file is created, but the analysis of the threat has revealed that the infection should drop its threatening warning in the file !! RETURN FILES !!.txt. However, the warning displayed on the screen is opened by payday.hta, which is located in the AppData folder.

In the ransom warning, the victim is required to make a payment in the Bitcoin currency, which is now widely used by cyber criminal, especially those specializing in ransomware. This currency comes in handy because of its functionality to make anonymous money transactions that are barely traceable. The crypto currency does not have its central issuer managing money transaction, which enables criminals gather significant sums of money. So far, skilled hackers have earned an estimated $25 million, and the sum is increasing even though the awareness of ransomware is being raised.

The attackers do not provide the exact price for decryption, because the price is claimed to depend on how quickly the victim contacts the attackers. The contact email has been found to differ in different samples of the infection.

To encourage victims to take action and earn their trust, which is probably possible because of the profits made, the intruders offer a decryption of up to 3 files on condition that the files are up to 1 MB in size and contain no valuable information (excel sheets, backupts, etc.). Even if you give in to the temptation to try out the offer and receive your files decrypted, do not risk losing your money. Take action to remove the BTCWare-PayDay ransomware from the computer and restore your files from your backup device.

How to prevent malware attacks?

In order to avoid unpleasant and unexpected system malfunction cases or data losses, it is essential to take preventative measures in advance of malware attacks. Keep the system and software protected is as important as staying away from freeware sharing networks and questionable emails. On top, it is highly important to keep the operating system secured against malware. Computer threats are installed surreptitiously, so if you do not have a powerful security tool running on your PC, you risk losing your sensitive information, not to mention the damage that might be cause to the operating system.

How to remove the BTCWare-PayDay ransomware?

It is possible to remove the BTCWare-PayDay ransomware manually, which you can do using the removal instructions given below. To fully eliminate the infection, you will have to remove its registry keys. The registry is a complex system where information about numerous system settings is stored, and you should be careful not to cause more damage.

In case you find the manual removal too complex, install our recommended security program which will terminate BTCWare-PayDay for you in no time and protect you against multiple other threats.

Remove the BTCWare-PayDay ransomware

  1. Press Win+R and type in regedit. Click OK.
  2. Follow the path HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete two values payday and baby launching the ransomnote from the AppData folder.
  3. Press Win+R and type in %AppData%.
  4. Click Ok.
  5. Remove payday.hta. 100% FREE spyware scan and
    tested removal of BTCWare-PayDay Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *