KeyBTC is programmed to infect computers and lock valuable data.
It is distributed through spam emails. The email contains a zip folder which has a .doc or .js file in it. These emails might look like shipment notifications, postal reports or fake invoices.
This ransomware enters the victim’s device through spam mail. Once the victim downloads the zipped file that contains the ransomware and clicks on it, the infection begins. In the background it downloads numerous other files in order to begin the encryption. The ransomware downloads a unique key from its server and then starts encrypting the victim’s device with the help of that key. Once this process is completed it scans the victim’s device, targeting only the specific files it is programmed to look for. Then the encryption is done. The encrypted files are kept in file1.bin and File2bin.
It mainly targets files with these extensions: .mdb, .pdf, .rtf, .accdb, .slddrw, .zip, .rar, .max, .jpg, .xls, .xlsx, .doc, .docx, .cdr, .dwg, .1cd, .cd. Thus, its target scale is smaller in comparison with other ransomware.
The ransomware then leaves a help note on the victim’s device that describes the process for retrieving the encrypted files. After the encryption, the ransomware demands that the victim pay a certain amount in order to get the encrypted files back. The victim can contact the attacker at the email address provided in the note.
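
The delivery method described above, a zip attachment holding a .doc or .js file, can be checked for during mail triage. The following Python code is an added example, not part of the original write-up: it lists the flagged members of a zip attachment, including ones inside nested zips. The function names, the nesting depth and size limits, and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Member types the page names as the payload carriers inside the zip.
FLAGGED_SUFFIXES = {".js", ".doc"}
MAX_DEPTH = 2                      # assumption: how many nested zips to open
MAX_NESTED_SIZE = 5 * 1024 * 1024  # assumption: skip larger nested archives

def flag_zip_members(data, depth=0, prefix=""):
    """Return paths of .js/.doc members found in a zip attachment."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a zip (or corrupt): nothing to list
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            # Case-insensitive match on the last extension, so a double
            # extension such as "name.pdf.js" is still seen as .js.
            suffix = PurePosixPath(info.filename.lower()).suffix
            if suffix in FLAGGED_SUFFIXES:
                hits.append(path)
            elif (suffix == ".zip" and depth < MAX_DEPTH
                  and info.file_size <= MAX_NESTED_SIZE):
                try:
                    inner = archive.read(info)
                except (RuntimeError, zipfile.BadZipFile, NotImplementedError):
                    continue  # password-protected or damaged member
                hits += flag_zip_members(inner, depth + 1, path + "!")
    return hits

def build_sample():
    """Constructed sample: harmless text files named like the lures."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("postal_report.DOC", "constructed placeholder")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("shipment_notification.pdf.js", "// constructed placeholder")
        z.writestr("readme.txt", "constructed placeholder")
        z.writestr("docs/invoice.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for name in flag_zip_members(build_sample()):
        print("flagged:", name)
```

A hit means only that the attachment matches the delivery pattern and should be quarantined for review; it does not identify the file as KeyBTC.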