Bitdefender introduces ransomware recognition tool and BTCWare decryptor

September 27, 2017

Bitdefender on Tuesday unveiled two new free tools to fight ransomware: one that helps identify which malware family has infected a particular device, and one that decrypts BTCWare ransomware.

The first tool, hosted on the Bitdefender cloud, analyzes the ransom note and encrypted file samples found on a victimized machine in order to identify the ransomware family and sub-version responsible for an attack. When possible, the tool will also recommend a decryption tool to mitigate the infection. When it cannot narrow down the culprit to a single malware program, the tool lists all of the possible ransomware families, with a confidence percentage next to each one.

The decryptor tool, meanwhile, is designed to neutralize BTCWare ransomware, which was discovered in March 2017. According to Bitdefender, the ransomware uses three different ciphers to encrypt data, and appends nine different extensions to affected files.

In a Bitdefender Labs blog post, the company explains that in order to build its tool, "we used leaked private keys that can decrypt almost all versions of the malware (v1, v2 and v3), as well as the .master extension in version 4 of the malware. We are also working to add some optimized brute-forcing technologies to cover the instances in which the leaked keys don't work."

The tool also performs a test on five random files before decrypting the rest of the machine's contents, in order to ensure that it won't cause further file damage. Decryption may not work in some cases, Bitdefender warns.

