Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Bitx Ransomware

Bitx Ransomware is one of those infections that our research team has seen many times before. While it is a unique infection, it is not unique in its functionality. In fact, our researchers have discovered that it is a clone of such well-known and widely-researched infections as Dharma-Ninja Ransomware, Nvram Ransomware, Deal Ransomware, or RSA Ransomware. They all belong to the Crysis/Dharma Ransomware family, and, unsurprisingly, they have many things in common. For example, they are believed to spread in the same way. You might let in any of these threats by interacting with malicious downloaders or opening the files attached to misleading spam emails. Hopefully, you have not encountered this malware yet, and you can adjust your caution to ensure that you are not tricked into letting it in yourself. However, if you already need to remove Bitx Ransomware from your operating system, we are here to assist you. Do you want to delete the infection ASAP? We have created a guide that might help you, but we suggest reading the report first.

You might figure out that something has happened to your files when you discover that they cannot be read and that the “.id-{ID}.[1btc@qbmail.biz].bitx” extension is attached to their names. Of course, at this point, you might not understand what has happened, unless you have heard of ransomware and know how it operates. For this reason, Bitx Ransomware uses the “Info.hta” and “FILES ENCRYPTED.txt” files. The .hta file launches the “1btc@qbmail.biz” window, and the message shown in it informs you that all files were encrypted and can be decrypted only with the help of a tool offered by the attackers. It states that you need to email 1btc@qbmail.biz or getdecoding@protonmail.com to get more information on how to pay for this allegedly beneficial tool. The .txt file is dropped next to the encrypted files, and the message inside also instructs you to contact the attackers. Hopefully, we do not need to explain why doing that is dangerous. If you do not understand, think about what the attackers could do if they knew your email address. Sure, at first, they would force you to pay the ransom, but, later on, they could try to scam you again.

Of course, you cannot avoid emailing the attackers behind Bitx Ransomware if you decide that paying the ransom is the right move. Our researchers suggest that this would be the wrong move. The attackers would definitely take your money, but whether or not they would give you a decryptor in exchange is unknown. More likely than not, they would not give you anything in return, and that is why you need to think very carefully about whether you want to put your money on the line. The ransom is unlikely to be small, and it is also unlikely that you could make a deal with the attackers. In the best-case scenario, you do not need to contact the creator of Bitx Ransomware at all because you do not need to worry about having your files decrypted. That would be the case if you had backups of your personal files stored someplace outside the operating system that was infected. Alternatively, you might be able to find a free decryptor that is capable of restoring your personal files. You can try researching Dharma or Crysis decryptors, but do NOT install the first tool you find because you do not want to expose yourself to malware posing as a decryptor.

If you follow the instructions below, you will learn how to delete Bitx Ransomware-related files. Unfortunately, the most important file is the launcher of the infection, and the name and location of this file are unknown, which means that we cannot show you how to delete it. If you are not able to overcome this obstacle yourself, you will not be able to remove Bitx Ransomware manually. That is not a huge problem. In fact, even if you can erase the infection yourself, we still recommend installing anti-malware software. It will scan your system to identify malware, and then it will perform removal automatically. At the same time, it will reinstate Windows protection, and so you will not need to worry about new threats attacking your operating system. Once you remove the threat, you can replace the corrupted files or try using legitimate decryptors. In the future, do not forget to back up the files that matter to you.

Bitx Ransomware Removal

  1. Delete the launcher of the infection. Unfortunately, the location/name is random, and if you cannot identify the malicious file yourself, it might be best to employ legitimate anti-malware software.
  2. Delete the ransom note file, FILES ENCRYPTED.txt (erase all copies dropped next to the encrypted files).
  3. Launch Windows Explorer by simultaneously tapping Win and E keys on the keyboard.
  4. Access these folders (enter the path into the field at the top of Explorer) one by one:
    • %APPDATA%
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %LOCALAPPDATA%
    • %WINDIR%\System32\
  5. If you can identify ransomware files (Info.hta and {unknown name}.exe), quickly Delete them.
  6. Launch Run by tapping Win and R keys and then enter regedit into the dialog box.
  7. In Registry Editor, move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  8. If you can identify ransomware values (linked to Info.hta and {unknown name}.exe files), Delete them.
  9. Empty Recycle Bin and then quickly employ a trusted malware scanner to check for hidden leftovers.
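
The checks in steps 2 to 8 can be run as a read-only inventory before anything is deleted. The PowerShell below is an example added here, not a tool from the original guide; it only lists the artifacts the steps name. The Authenticode filter used to narrow down executables is an assumption of this example, since the launcher's name is unknown.

```powershell
# Added example: read-only triage for the artifacts named in the removal steps.
# Nothing is deleted; review the output before removing anything by hand.

# Step 4: the folders listed in the guide, skipping any that do not exist.
$folders = @(
    $env:APPDATA
    Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
    Join-Path $env:ALLUSERSPROFILE 'Application Data\Microsoft\Windows\Start Menu\Programs\Startup'
    Join-Path $env:ALLUSERSPROFILE 'Microsoft\Windows\Start Menu\Programs\Startup'
    $env:LOCALAPPDATA
    Join-Path $env:WINDIR 'System32'
) | Where-Object { Test-Path -LiteralPath $_ }

# Step 5: Info.hta, plus executables without a valid Authenticode signature.
# The signature filter is this example's assumption; it only reduces noise
# and does not prove that a listed file is malicious.
$suspects = foreach ($dir in $folders) {
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Name -eq 'Info.hta' -or
            ($_.Extension -eq '.exe' -and
             (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status -ne 'Valid')
        }
}

# Steps 7-8: Run values that point at Info.hta or at one of the files above.
$run = Get-Item -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runHits = foreach ($name in $run.GetValueNames()) {
    $data = [string]$run.GetValue($name)
    $hit = $data -like '*Info.hta*'
    foreach ($f in $suspects) {
        if ($data.IndexOf($f.FullName, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $hit = $true
        }
    }
    if ($hit) { [pscustomobject]@{ RunValue = $name; Command = $data } }
}

# Step 2: ransom notes and .bitx files under the user profile, per folder.
$notes = Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -eq 'FILES ENCRYPTED.txt' -or $_.Extension -eq '.bitx' } |
    Group-Object DirectoryName

$suspects | Format-Table FullName, Length, LastWriteTime -AutoSize
$runHits  | Format-Table RunValue, Command -AutoSize -Wrap
$notes    | Format-Table Count, Name -AutoSize
```

Run it from an elevated PowerShell prompt so the System32 and all-users Startup folders can be read.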