Bitdefender Introduces Ransomware Recognition Tool and BTCWare Decryptor

On Tuesday, September 26, Bitdefender unveiled two new free tools to fight ransomware. Exciting. One helps identify which malware family has infected a particular device, and the other decrypts BTCWare ransomware.


The first tool, hosted on the Bitdefender cloud, analyzes the ransom note and encrypted file samples found on a victimized machine in order to classify the family and sub-version of the ransomware responsible for an attack. When possible, the tool will also recommend a decryption tool to mitigate the infection. When it cannot narrow down the culprit to a single malware program, the tool will list all of the possible ransomware families, with a confidence percentage next to each one.


The decryptor tool, meanwhile, is designed to neutralize BTCWare ransomware, which was discovered in March 2017. According to Bitdefender, the ransomware uses three different ciphers to encrypt data and appends nine different extensions to affected files.


In a Bitdefender Labs blog post, the company explains that in order to build its tool, "we used leaked private keys that can decrypt almost all versions of the malware (v1, v2, and v3), as well as the .master extension in version 4 of the malware. We are also working to add some optimized brute-forcing technologies to cover the instances in which the leaked keys don't work."


The tool also performs a test on five random files before decrypting the rest of the machine's contents, in order to ensure that it won't cause further file damage. Decryption may not work in some cases, Bitdefender warns.