- Oct 23, 2012
- 12,527
Victims that got infected with the BitStak ransomware now have a chance to recover their files without having to pay the ransom, thanks to a decrypter made available for free by security researcher Michael Gillespie.
BitStak is a new ransomware that appeared this week when security researchers from MalwareHunterTeam came across this threat. According to several researchers that analyzed the ransomware's source code, calling it a "threat" is an insult to other ransomware variants because its code was written by an inexperienced developer.
BitStak deemed low-end ransomware
It is to no surprise that it didn't take more than a few hours after it was spotted for Michael Gillespie to craft a decrypter to reverse the encryption routine through which BitStak locked user files.
The decrypter, after you download it from here, is simple and straightforward to use. Just double-click it and press the giant button that says "Decrypt Files."
BitStak is a new ransomware that appeared this week when security researchers from MalwareHunterTeam came across this threat. According to several researchers that analyzed the ransomware's source code, calling it a "threat" is an insult to other ransomware variants because its code was written by an inexperienced developer.
BitStak deemed low-end ransomware
It is to no surprise that it didn't take more than a few hours after it was spotted for Michael Gillespie to craft a decrypter to reverse the encryption routine through which BitStak locked user files.
The decrypter, after you download it from here, is simple and straightforward to use. Just double-click it and press the giant button that says "Decrypt Files."
Users that have been infected with ransomware can use the ID-Ransomware service to identify if BitStak is the culprit, based on an encrypted file and the ransom note. Below is an image of the standard BitStak ransom note.
BitStak jumbles all file and folder names
Additionally, users can also spot a BitStak infection based on the way the encrypted files are renamed.
While normal ransomware just appends an extension at the end of the file, BitStak goes one step further, by creating random names for both the files and the folders in which it locks files.
Something like image.png will be renamed to "diolx.htp.bitstak" with all character being chosen at random. This prevents victims from identifying the nature of the locked files and what they contained before the infection.
A normal BitStak infection asks users to pay 0.07 Bitcoin ($45 / €40). This is a very small amount of money compared to other ransomware families, but probably BitStak's author knew he hadn't created some of the best ransomware around, so he was just trying to get as much money as he could but in smaller amounts.
Users that encounter problems with the decrypter or spot an undecryptable BitStak version can ask for help on this forum topic.