Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Changes default search engine


If you have ever faced the malicious Hermes Ransomware 2.1, there is a good chance that Bitsran was responsible for the infiltration of this dangerous file-encrypting malware. According to malware experts, the ransomware could have been employed by the Trojan to distract victims from much greater crimes. Of course, the ransomware itself could be distributed by many other Trojans, and it could even spread with the help of malicious downloaders and spam emails. Obviously, if you discover the file-encryptor, you must delete it as soon as possible, but do not forget to check your operating system for additional threats, because it is always possible that you will need to remove Bitsran. In this report, you will learn about this dangerous Trojan, and you will also learn about the steps that must be taken to ensure that Windows operating systems are guarded against this malware and other similar threats.

Also known as ShadyCat, Bitsran is a Trojan that, most likely, was created by the Lazarus hacking group, which some researchers refer to as the APT38 hacking group. The first attacks of the Trojan were reported back in 2017 when it was found to have invaded the operating systems of the Far Eastern International Bank in Taiwan. Unfortunately, the Trojan was able to steal money and transfer it overseas, so that it could not be retrieved. A little later on, Bitsran attacked banks in Poland and Mexico, but there was no evidence of payment systems being targeted. The hacking group that is believed to be associated with this Trojan is located in North Korea, and it is believed that it only attacks specific targets. It is not one of those groups of cybercriminals that would try to attack anyone and everyone. Due to this, it is believed that Lazarus is most likely to focus on government organizations, banks, international companies, and similar targets in those countries that North Korea has a conflict with.

The attacks of Bitsran did not reoccur after 2017, and it is hard to say whether or not this malware could be revived. That being said, it is important to note that this threat is believed to have spread using spam emails. Even if we do not see new spam emails containing the launcher of the Trojan, there are literally thousands of other threats that could use the same entry point. What you need to do is assess every single email you receive. This might seem like a nuisance at first, but once you get used to checking your inbox thoroughly, it will become a habit. This is the kind of habit that could save your personal data and your virtual security. Note that cybercriminals can create highly convincing messages, and they might even hijack real accounts of people you know to spread malware. When Bitsran was spread, it was dropped to the %TEMP% directory, and this is where the launcher of the malicious ransomware was dropped too. The manual removal guide below shows how to find and delete malware files. All in all, make sure you are cautious about the emails you receive and the files or links attached to them that you interact with.

There is a good chance that we will never have to face Bitsran again, but new and improved versions of this malware could emerge, and so it is crucial to protect our operating systems against all threats. It goes without saying that implementing legitimate anti-malware software is crucial. If you have this kind of software set up, you do not need to worry about the removal of existing threats separately because the software can delete them automatically. It is also crucial to set up firewalls, create strong passwords for all systems, educate employees (especially about the dangers of spam emails), and also create a well-rounded cybersecurity team. Since Trojans and other dangerous threats controlled by the Lazarus group are most likely to affect organizations, companies, and agencies, setting up a team of cybersecurity experts is the best investment you can make. Hopefully, these experts will be able to remove Bitsran and similar threats, prevent new malware from coming in, and respond quickly to all kinds of cyberattacks.

Bitsran Removal

  1. Launch Windows Explorer by tapping Win+E keys.
  2. Enter %TEMP% into the field at the top.
  3. Delete files named bitsran.exe and RSW{4 random symbols}.tmp or, better yet, delete ALL files.
  4. Launch Run by tapping Win+R keys.
  5. Type regedit into the box and click OK to launch Registry Editor.
  6. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
  7. Delete any values associated with malware files.
  8. Empty Recycle Bin and then immediately employ a malware scanner to inspect the system for leftovers.
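
A read-only triage of the locations named in the steps above, written as a PowerShell example added here (not part of the original guide). It assumes the session runs as the affected user, so that $env:TEMP is that user's %TEMP%; flagging Run values that point into %TEMP% is a heuristic of this example.

```powershell
# Added example: reports the artifacts named in the removal steps; deletes nothing.
# Assumption: run as the affected user, so $env:TEMP is that user's %TEMP%.
$tempDir = $env:TEMP
$runKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

# Step 3: bitsran.exe and RSW{4 random symbols}.tmp, matched on the whole name.
$filePattern = '^(bitsran\.exe|RSW.{4}\.tmp)$'
$files = Get-ChildItem -LiteralPath $tempDir -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $filePattern } |
    ForEach-Object {
        # The hash is recorded so the file can still be identified after deletion.
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Kind    = 'File'
            Name    = $_.Name
            Detail  = $_.FullName
            Created = $_.CreationTime
            SHA256  = $hash.Hash
        }
    }

# Steps 6-7: Run values whose data names one of those files or points into %TEMP%.
$valuePattern = '\\(bitsran\.exe|RSW.{4}\.tmp)'
$values = @()
$key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($key) {
    $values = foreach ($name in $key.GetValueNames()) {
        # Read the raw data, then expand %VAR% references before comparing.
        $raw    = [string]$key.GetValue($name, '', 'DoNotExpandEnvironmentNames')
        $data   = [Environment]::ExpandEnvironmentVariables($raw)
        $inTemp = $data.IndexOf($tempDir, [StringComparison]::OrdinalIgnoreCase) -ge 0
        if ($inTemp -or $data -match $valuePattern) {
            [pscustomobject]@{
                Kind    = 'RunValue'
                Name    = $name
                Detail  = $raw
                Created = $null
                SHA256  = $null
            }
        }
    }
}

# Review this list before deleting anything by hand as described in the steps.
@($files) + @($values) | Format-List
```

An empty result means none of the named files or matching Run values were found for this user; it does not replace the malware scan in step 8.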