
Name: KeyBTC
Type: Crypto Ransomware
Encryption Type: PGP/RSA
Short Description: KeyBTC is programmed to infect computers and lock valuable data.

Symptoms: Once the ransomware is downloaded, it downloads some more files, creates a unique key for encryption, and uses that key to encrypt the data. The extension of the encrypted data is changed. The inbox mail will be as [email address not shown]. The ransomware encrypts the files using the key that is downloaded; the decryption key is known to the developer alone. It then demands that a ransom be paid to retrieve the encrypted files.

Distribution Method: Spam emails. The email contains a zip folder which has a .doc or .js file in it. The emails might look like shipment notifications, postal reports or fake invoices.

More Details

This ransomware enters the victim's device through spam mail. The infection begins once the victim downloads the zipped file that contains the ransomware and clicks on it. In the background, it downloads numerous other files in order to begin the encryption. The ransomware downloads a unique key from its server and then starts encrypting the victim's device with the help of that key. Once this process is completed, it scans the victim's device, but it targets only the specific files that it is programmed to target. Then the encryption is done. The encrypted files are kept in file1.bin and File2bin.

It mainly targets files with these extensions: .mdb, .pdf, .rtf, .accdb, .slddrw, .zip, .rar, .max, .jpg, .xls, .xlsx, .doc, .docx, .cdr, .dwg, .1cd, .cd. Thus, its target scale is smaller in comparison with other ransomware.

The ransomware then leaves a help note on the victim's device that describes the process for retrieving the encrypted files. After the encryption, the ransomware demands that the victim pay a certain amount in order to get back the encrypted files. The victim can contact the attacker at the email address provided in the note.
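
The distribution method described above (a spam email carrying a zip that holds a .doc or .js file) can be screened for at the mail gateway. The following is an added example, not part of the original entry: the function names, the sample message and the `example.invalid` addresses are constructed for illustration, and the check covers only the delivery pattern named on this page.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Member extensions this entry names as the lure inside the zip.
RISKY_EXTS = (".js", ".doc")

def risky_zip_members(zip_bytes):
    """Return archive member names whose final extension is .js or .doc."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                # Windows drops trailing dots/spaces, so ignore them when matching.
                name = info.filename.lower().rstrip(". ")
                if not info.is_dir() and name.endswith(RISKY_EXTS):
                    hits.append(info.filename)
    except zipfile.BadZipFile:
        # A zip that cannot be inspected is itself worth quarantining.
        hits.append("<unreadable archive>")
    return hits

def scan_message(raw):
    """Map each zip attachment's filename to its flagged members."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Trust the zip magic bytes, not the declared name or MIME type.
        if payload[:4] == b"PK\x03\x04":
            hits = risky_zip_members(payload)
            if hits:
                findings[part.get_filename() or "<unnamed>"] = hits
    return findings

def build_sample():
    """Constructed sample: a fake-invoice mail whose zip holds a .js file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_2041.pdf.js", "// constructed placeholder")
        zf.writestr("readme.txt", "constructed")
    msg = EmailMessage()
    msg["Subject"] = "Your invoice"
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("See attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="invoice.zip")
    return msg.as_bytes()
```

Flagged messages are best quarantined rather than delivered, since the check matches legitimate zipped .doc files as well.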