Avast Decryption Tool for BTCWare can unlock BTCWare, a ransomware strain that first appeared in March 2017 and has spawned five known five variants
Avast Decryption Tool for BTCWare can unlock BTCWare, a ransomware strain that first appeared in March 2017 and has spawned five known five variantsThe variants can be distinguished by encrypted file extension. The ransomware uses two different encryption methods ? RC4 and AES 192.Encrypted file names will have the following format: foobar.docx.[sql772@aol.com].thevafoobar.docx.[no.xop@protonmail.ch].cryptobytefoobar.bmp.[no.btc@protonmail.ch].cryptowinfoobar.bmp.[no.btcw@protonmail.ch].btcwarefoobar.docx.onyonFurthermore, one of the following files can be found on the PC Key.dat on %USERPROFILE%\Desktop1.bmp in %USERPROFILE%\AppData\Roaming#_README_#.inf or !#_DECRYPT_#!.inf in each folder with at least one encrypted file.Ransom message:After encrypting your files, the desktop wallpaper is changed as seen in the screenshot below.Download