New Shadow BTCware Ransomware Variant Released

Solarquest

A new variant of the BTCWare ransomware, discovered by Michael Gillespie, appends the .email-id-id.shadow extension to encrypted files. The BTCWare family of ransomware infections targets its victims by hacking into poorly protected remote desktop services and manually installing the ransomware.

Below is a brief summary of changes in this new Shadow BTCWare ransomware variant.

What's New in the Shadow Ransomware BTCWare Variant
Not much has changed with this new variant other than the email addresses a victim should contact the developer with and the extension appended to encrypted files. In this version, the contact email address is now paydayz@cock.li, which is listed in the ransom note below.



Shadow Ransomware (BTCWare) Ransom Note

The next noticeable change is the extension appended to encrypted files. With this version, when a file is encrypted by the ransomware, it will modify the filename and then append the .email-id-[id].shadow extension to the encrypted file's name. For example, the file test.jpg was encrypted and renamed to test.jpg.[paydayz@cock.li]-id-C0C.shadow.


Read More: New Shadow BTCware Ransomware Variant Released
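For incident triage, the renaming scheme described above can be parsed to recover each file's original name, the contact address and the victim ID from a directory listing. This is an added example, not part of the original post or the linked article; the function names and sample paths are constructed, and the ID character set is an assumption based on the single example "C0C".

```python
import re
from pathlib import PureWindowsPath

# Shape taken from the post's example: test.jpg.[paydayz@cock.li]-id-C0C.shadow
# Assumption: the ID is alphanumeric; the post shows only "C0C".
SHADOW_RE = re.compile(
    r"^(?P<original>.+)\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]"
    r"-id-(?P<victim_id>[0-9A-Za-z]+)\.shadow$",
    re.IGNORECASE,
)

def parse_shadow_name(path):
    """Return original name, email and victim ID, or None if no match."""
    # PureWindowsPath splits on both "\" and "/", so listings from either OS work.
    name = PureWindowsPath(path).name
    match = SHADOW_RE.match(name)
    return match.groupdict() if match else None

def triage(paths):
    """Group affected files by (contact email, victim ID)."""
    report = {}
    for path in paths:
        hit = parse_shadow_name(path)
        if hit is None:
            continue  # e.g. an unrelated file that merely ends in .shadow
        key = (hit["email"].lower(), hit["victim_id"].upper())
        report.setdefault(key, []).append((path, hit["original"]))
    return report

# Constructed sample listing (not real incident data).
SAMPLE_PATHS = [
    r"C:\Users\alice\Pictures\test.jpg.[paydayz@cock.li]-id-C0C.shadow",
    r"D:\shares\finance\q3 budget.xlsx.[paydayz@cock.li]-id-C0C.shadow",
    r"C:\Users\alice\notes.shadow",
    r"C:\Users\alice\report.docx",
]

if __name__ == "__main__":
    for (email, victim_id), files in triage(SAMPLE_PATHS).items():
        print(f"contact={email} id={victim_id} affected={len(files)}")
        for path, original in files:
            print(f"  {path} (was {original})")
```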
 