BitPaymer Ransomware Removal Guide

Do you know what BitPaymer Ransomware is?

Malicious software developers have recently released a new threat BitPaymer Ransomware targeting companies primarily. Although it does not have a goal to ruin individual users’ data, they should not be so sure that it cannot enter their PCs illegally one day. Research conducted by our team of malware researchers has shown that BitPaymer Ransomware is mainly distributed through unsecured RDP and, on top of that, it might be spread via spam emails. This explains how it manages to enter computers unnoticed. Even though BitPaymer Ransomware is one of those malicious applications that usually enter systems illegally, the owner of the compromised machine realizes soon that malicious software has successfully entered the system – it is hard not to notice a bunch of encrypted files. Ransomware infections lock data belonging to computer users not without reason. All they want from them is their money. Users are told that they will get decryption software only if they pay a ransom, so some users come to a decision to send money to cyber criminals. Our security specialists do not recommend paying a ransom to cyber crooks even if important files have been locked. Instead, they see the immediate removal of BitPaymer Ransomware the only solution to the problem. Of course, in this case, files will still not be unlocked.

It soon becomes clear that a ransomware infection is the one working on the system because it does not take long for users to come across encrypted pictures, documents, text files, and other important files. In the case of BitPaymer Ransomware, it not only encrypts them by appending the .locked extension, but also creates a new file with the .readme_txt extension next to every encrypted file. It is a ransom note containing a message for users. It tells them that their files have all been encrypted and only a special decryption tool can restore them. Only cyber criminals have it, so it is not surprising at all that they ask victims to pay a ransom in exchange for the decryption key. Most probably, they will be asked to pay 50 BTC (~$138 580 at today’s price). The ransom it demands is considerably higher if compared to amounts of money other ransomware infections require, but we have not found this very surprising because BitPaymer Ransomware primarily targets companies and not ordinary users. Since there are no guarantees that the tool for the decryption of files will be given, no one should send cyber criminals money even if they threaten to share sensitive data with media and ruin the business reputation in case no money is received within 72 hours. There is especially no point in sending cyber criminals money if a backup of files exist because it means that the restoration of files is possible without the special decryptor.

Without a doubt, users contribute to the entrance of BitPaymer Ransomware, but they do not download it from some kind of page. Ransomware infections usually do not have official sources, but, instead, deceptive methods of distribution are usually adopted to spread them. Research conducted by our malware analysts has revealed that BitPaymer Ransomware is searching for unsecured/open RDP sessions and then enters PCs unnoticed when it finds them. Also, this infection might be disseminated via spam email campaigns. It might be quite a challenge to prevent a malicious application from slithering onto the computer, so we recommend the readers of this article to install a reputable security application for ensuring the system’s maximum protection. As long as it is active and updated periodically, the entire PC and files will be safe.

BitPaymer Ransomware is not a malicious application that makes serious modifications on victims’ machines upon the entrance, so the majority of users manage to delete it manually. Of course, the same can be done with an automatic scanner as well, but it must be noted that it might block some malware removers.

How to remove BitPaymer Ransomware

  1. Open the Windows Explorer by pressing Win+E.
  3. Locate a folder consisting of 3-7 random letters and then delete a malicious file {randomname}.exe.
  4. Open %UserProfile%\Local Settings\Application Data, find a folder with a random name (it should have 3-7 random letters) and delete the executable (.exe) file representing ransomware (Windows XP and Windows 2000 only).
  5. Remove all recently downloaded files.
  6. Empty the Trash bin.

In non-techie terms:

BitPaymer Ransomware does not enter computers with good intentions. It has the same goal as other ransomware infections, i.e. it seeks to obtain easy money. Theoretically, individual users might also get infected with this threat; however, research has proved that it is primarily targeted at companies. Most probably, cyber criminals expect to get more money from them. It is always a bad idea to pay cyber criminals money, believe us, so delete this threat ASAP and do not give them a cent despite the fact that important files have been locked.