Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

BitPaymer Ransomware

BitPaymer Ransomware is a newly discovered malicious program that was classified as ransomware due to the fact that it was designed to encrypt your personal files and then demand that you pay a large sum of money to get them back. You can either pay the ransom or remove it without paying because you cannot trust cyber criminals to decrypt your files. This particular ransomware is unique in that it does not attack computers of regular people but targets the computers of companies and businesses. It seeks to encrypt valuable files for which you may be inclined to pay a large sum of money. Also, it claims that it steals sensitive data and can share it with third parties if you refuse to pay. However, that has not been proven yet.

If BitPaymer Ransomware were to infect your PC, then it would start encrypting your files immediately. While it has not been determined, we believe that it uses either an AES or RSA encryption algorithm to encrypt the files. Both of these encryption methods ensure a strong encryption. Therefore, it will take some time for a free decryption tool to be developed. However, there is always the possibility that it cannot be decrypted.

This ransomware appends the encrypted files with a “.locked” file extension. As far as the targeted files are concerned, this ransomware was set to encrypt many file type no matter whether they are useful or not. Note thing is for sure, however, that it emphasizes encrypting documents, but it also encrypts audio files, images, videos, file archives and so on. It is worth mentioning that it drops a ransom note for each encrypted file. The note states that you have 72 hours to pay 50 BTC which is an approximate 135,000 US dollars that you need to send in one go. If you fail to meet the deadline, then it is said that your files will remain encrypted indefinitely.

You are required to download the TOR website and go a website set up by this ransomware’s developers. The site features information on where to purchase Bitcoins and where to send the ransom. We want to point your attention to the possibility that after paying this ludicrous amount of money, you may not get the decryption tool and key the developers have promised.

BitPaymer Ransomware can encrypt your files only if it manages to penetrate your computer’s security. However, if your PC does not have an anti-malware program, then it will infect it without too much difficulty. Our analysis has revealed that this program is currently being distributed via email spam. A dedicated email server sends spam mail to what we believe is a preselected list of email addresses of various companies. This ransomware is included as an attachment, and it may look like a document. However, if a person opens or downloads and then opens the file, then the computer will become infected with BitPaymer Ransomware. This ransomware creates copies of itself and places them at %LOCALAPPDATA%\*random 3-7 letters*\ and %UserProfile%\Local Settings\Application Data\*random 3-7 letters*. The name of the executable can be random, however, so identifying it may be tricky.

We hope you found this article insightful. As you can see, BitPaymer Ransomware is one dangerous computer infection that can encrypt the files on your company’s computers. Therefore, protecting them with an anti-malware program is a must. However, if your PC has already been infected by this malware and you do not want to pay the ransom, then you should remove it using an anti-malware program such as SpyHunter, or delete it manually using the guide we included below.

How to delete BitPaymer Ransomware

  1. Hold down Win+E keys.
  2. Type the following file paths in the address box of File Explorer.
  3. Press Enter.
    • %USERPROFILE\Downloads
    • %USERPROFILE\Desktop
    • %TEMP%
  4. Find the malicious executable, right-click it and click Delete.
  5. Then, go to %LOCALAPPDATA%\*random 3-7 letters*
  6. Find and delete the malicious executable.
  7. Lastly, go to %UserProfile%\Local Settings\Application Data\*random 3-7 letters*
  8. Find and delete the malicious executable.
  9. Empty the Recycle Bin.
Download Spyware Removal Tool to Remove* BitPaymer Ransomware
  • Quick & tested solution for BitPaymer Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.