Bitcoin Ransomware Education – AutoDecrypt

The number of different types of Bitcoin ransomware continues to grow at an alarming rate. Earlier this week, security experts have come across a new strain that goes by the name of AutoDecrypt. Contrary to what people may believe by looking at the name, this malware will not automatically decrypt itself unless a payment is made. However, that is only part of what makes this ransomware so destructive.

Beware of AutoDecrypt Ransomware

As we have somewhat come to expect from malware developers as of late, they always find new ways to make life a lot harder for their victims. AutoDecrypt is no different in this regard, as it provides to be quite a nasty piece of ransomware that can cause a lot of problems. In fact, it utilizes a new technique that can make it virtually impossible to recover files without paying the ransom.

To be more specific, AutoDecrypt uses the Windows Cipher tool to wipe free space on the infected machine’s hard drive. That is quite an interesting technique, and one that no other type of ransomware is – seemingly – using right now. Anyone who has a backup of their data may find this quite problematic, though, as it makes the entire process of recovering files a lot more troublesome.

The ransom note left behind by this particular malware is also quite professional, for a change. The message informs users to “stay calm” and how they the developers need a “contribution” from their victims to make sure they can access all of their files once again. The message is far less comforting than the criminals make it sound, though.

As one would expect, the people behind it are looking to score a Bitcoin payment. Unfortunately, it does not appear there is a fixed payment required for every infection. It is possible the amount will vary based on how quickly the victim takes action, although that has not been officially confirmed right now. Users are also redirected to a unique payment link hosted on the IWantMyFiles.asia domain, which has started to make the rounds in the ransomware world as of late.

The ransom note does not do much handholding when it comes to helping victims by bitcoin either. The note mentions how people need to type it in Google and visit the address of LocalBitcoins. It is interesting to note the criminals are not referring users to different exchanges, as some other malware types list an overview of platforms where Bitcoin can be purchased.

It is a bit unclear how the AutoDecrypt ransomware spreads itself right now. The usual suspects are malicious internet links on social media, malware-laden email attachments, and peer-to-peer file sharing networks. Security researchers are still analyzing a malware sample, and more information is expected to be released in the coming weeks.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.