You know as well as I do that the more of our waking lives we spend working, playing, shopping and browsing online, the higher the risk of contracting a computer virus or being infected by ransomware. There is big money to be made in the cyber crime industry, and malicious programmers are creating online attackers that are more sophisticated than ever before. Watching antiviruses and malicious software play this endless game of outsmarting each other is like watching a dog chase its tail. But where does that leave us – the people who rely on the internet to earn money, relax or simply keep our busy lives in order? It leaves us having to be increasingly alert if we want to avoid becoming yet another faceless victim in the online war.
But the issue is that because the two sides of good and evil are constantly battling to stay one step ahead of each other, ransomware is constantly reinventing itself and finding new ways to cause havoc on our PCs or extort our hard-earned cash from us. Bit Cryptor is a good example of how cyber criminals constantly improve their malware, making it more sophisticated and dangerous. This particular variant, unlike most ransomware, blocks Task Manager and other programs that can be used to disable it. As a result, it might be difficult to run anti-malware software and remove the ransom virus. Bclock.exe is the main process of this ransomware. It's usually located in the C:\Users\[YourUserName]\AppData\Roaming\Microsoft\Windows\ folder. So, in case you can't open anti-malware programs or Windows tools, try to remove or at least disable the bclock.exe program first. If you can't do this using Task Manager, try Process Explorer. There's also a filelist.locklst file which contains a list of all encrypted files. Don't delete it. It's not dangerous, and besides, you may still need it.
The Bit Cryptor "Your files have been encrypted" wallpaper is stored in %Temp%\wallpaper.jpg.
What is ransomware?
Ransomware is, to put it frankly, a nightmare. Yes, Bit Cryptor is a nightmare too. Not only does it try and con you out of money, it also causes major issues on your computer, and it can cause you very real stress and upset too. It certainly is something that is worth taking the time to learn a little more about. Ransomware seems to come and go so read on and make sure that the next time it's doing the rounds you stand the best possible chance of not falling victim to it.
You're probably already one step ahead at this point and have guessed that ransomware is a type of malware that operates by holding you hostage. Actually, it holds your files, data, programs or operating system to ransom, but when your life is stored on your computer it may as well be you! In a nutshell, ransomware will kidnap, or lock, your computer and hold it hostage until you pay a release fee. It also displays a ransom note in a text file, not just the Bit Cryptor decryptor window. The note reads:
Your personal documents and files on this computer have just been encrypted.
The original files have been deleted and will only be recovered by following the steps described below.
Click on "Show encrypted files" to see a list of files that got encrypted.
The encryption was done with a unique generated encryption key (using AES-256).
This means that encrypted files are of no use until they get decrypted using a key stored on a server.
This server will only release the key if the amount of Bitcoins (displayed left of this window) is send to the Bitcoin address shown on the left of this window.
Each time the timer expires, the total cost will raise with the starting price.
How does Bit Cryptor infect you?
Like most types of malware, Bit Cryptor will infect you through a program, file or app that you have downloaded. Some ransomware attacks websites, infecting them and then you the visitor by default. Other ransomware is hidden in an attachment sent in a spam email or instant chat application. Finally, you may even be unlucky enough to be the victim of something called a 'drive-by installation' which is when you've stumbled across a website that has been infected by the malicious software.
What to do when this ransomware attacks?
Don't panic. And DON'T pay a ransom. Instead, follow the removal guide below on how to salvage your data and clean your computer ASAP. There are a few tools that can help you to restore at least some of your files without paying a ransom. Even though there's no guarantee that these tools will help you, there's also no reason not to try them out. Who knows, maybe you will be the lucky one. Good luck and be safe online!
Written by Michael Kaur, http://deletemalware.blogspot.com
Step 1: Removing Bit Cryptor and related malware:
Before restoring your files from shadow copies, make sure the Bit Cryptor virus is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.
1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove detected malware.
IMPORTANT! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again. Also, try to disable bclock.exe using Process Explorer.
2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.
That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.
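If the scanner will not start because bclock.exe is still active, the check below looks for the artifacts this guide names and, when run with -Disable, stops the process and renames the executable. It is an added example, not part of the original guide; the search location for filelist.locklst and the .disabled suffix are assumptions.

```powershell
# Added example, not from the original guide. Reports the Bit Cryptor
# artifacts named above; with -Disable it also stops and renames bclock.exe.
param([switch]$Disable)

$exePath   = Join-Path $env:APPDATA 'Microsoft\Windows\bclock.exe'
$wallpaper = Join-Path $env:TEMP 'wallpaper.jpg'

# Running instances, with the path each one was started from.
$procs = @(Get-CimInstance Win32_Process -Filter "Name='bclock.exe'")
foreach ($p in $procs) {
    Write-Output "RUNNING  pid=$($p.ProcessId) path=$($p.ExecutablePath)"
}

# The executable on disk. Record its hash before touching it.
if (Test-Path -LiteralPath $exePath) {
    $hash = (Get-FileHash -LiteralPath $exePath -Algorithm SHA256).Hash
    Write-Output "FOUND    $exePath sha256=$hash"
} else {
    Write-Output "MISSING  $exePath"
}

if (Test-Path -LiteralPath $wallpaper) {
    Write-Output "FOUND    $wallpaper (ransom wallpaper)"
}

# filelist.locklst lists the encrypted files. The guide does not say where it
# is written, so searching the whole user profile is an assumption.
# It is only reported, never deleted.
Get-ChildItem -Path $env:USERPROFILE -Filter 'filelist.locklst' -File `
        -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Output "KEEP     $($_.FullName)" }

if ($Disable) {
    foreach ($p in $procs) {
        Stop-Process -Id $p.ProcessId -Force -ErrorAction Continue
    }
    if (Test-Path -LiteralPath $exePath) {
        # Renaming keeps the sample for the scanner but stops it from starting
        # again under its original name.
        Rename-Item -LiteralPath $exePath -NewName 'bclock.exe.disabled'
        Write-Output "DISABLED $exePath -> bclock.exe.disabled"
    }
}
```

Run it once without -Disable to see what is present, then again with -Disable before starting the anti-malware scan.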
Step 2: Restoring files encrypted by Bit Cryptor crypto virus:
Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.
Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.
Method 3: Using the Shadow Volume Copies:
1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.
2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.
3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.
Hopefully, this will help you to restore all encrypted files or at least some of them.
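Before installing Shadow Explorer for Method 3, it is worth checking that the drive has shadow copies at all and that at least one was taken before the files were encrypted. The script below is an added example, not part of the original guide; the -EncryptedAt value is something you supply yourself, and the script must be run from an elevated PowerShell prompt.

```powershell
# Added example, not from the original guide. Run from an elevated prompt.
param(
    [Parameter(Mandatory)]
    [datetime]$EncryptedAt,   # assumption: you supply the time of the attack
    [string]$Drive = 'C:'
)

# Win32_ShadowCopy identifies volumes by GUID path, so map the drive letter.
$volume = Get-CimInstance Win32_Volume -Filter "DriveLetter='$Drive'"
if (-not $volume) { throw "No volume found for drive $Drive" }

$copies = @(Get-CimInstance Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volume.DeviceID } |
    Sort-Object InstallDate -Descending)

if ($copies.Count -eq 0) {
    Write-Output "No shadow copies exist for $Drive; Method 3 will not work here."
    return
}

# A snapshot is only useful if it was taken before the files were encrypted.
$copies | Select-Object @{n='Created'; e={$_.InstallDate}},
    @{n='PreDatesEncryption'; e={$_.InstallDate -lt $EncryptedAt}},
    @{n='SnapshotId'; e={$_.ID}} | Format-Table -AutoSize

$best = $copies | Where-Object { $_.InstallDate -lt $EncryptedAt } |
    Select-Object -First 1
if ($best) {
    Write-Output "Pick the $($best.InstallDate) snapshot in Shadow Explorer."
} else {
    Write-Output "All snapshots were taken after $EncryptedAt."
}
```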