Avast Decryption Tool for BTCWare 1.0.182.0

Published by

Avast Decryption Tool for BTCWare can unlock BTCWare, a ransomware strain that first appeared in March 2017 and has spawned five known five variants. All the Avast Decryption Tools are available in one zip here.
Avast Decryption Tool for BTCWare can unlock BTCWare, a ransomware strain that first appeared in March 2017 and has spawned five known five variants. All the Avast Decryption Tools are available in one zip here.

The variants can be distinguished by encrypted file extension. The ransomware uses two different encryption methods – RC4 and AES 192.

Encrypted file names will have the following format:

foobar.docx.[sql772@aol.com].theva
foobar.docx.[no.xop@protonmail.ch].cryptobyte
foobar.bmp.[no.btc@protonmail.ch].cryptowin
foobar.bmp.[no.btcw@protonmail.ch].btcware
foobar.docx.onyon

Furthermore, one of the following files can be found on the PC
Key.dat on %USERPROFILE%\Desktop
1.bmp in %USERPROFILE%\AppData\Roaming
#_README_#.inf or !#_DECRYPT_#!.inf in each folder with at least one encrypted file.
Ransom message:
After encrypting your files, the desktop wallpaper is changed as seen in the screenshot below.

 Download