Bit Paymer Ransomware Demands a 53 Bitcoin Payment

We have seen many different types of ransomware over the past few years. Most of these malicious tools demand a Bitcoin payment. Bit Paymer is one with a very elaborate ransom note explaining how and where victims should buy Bitcoin to pay the criminals. Let’s take a closer look at Bit Paymer.

Bit Paymer Wants People to get Acquainted with Buying Bitcoin

Security researcher Michael Gillespie has come across Bit Paymer some time ago. This particular malware encrypts files on your computer and appends a custom file extension. In this case, that is the “.locked” file extension. Not the most creative one by any means, but it will get the message across regardless. Interestingly enough, Bit Paymer does not remove the original extension, but just adds one on top of the existing structure.

It also appears Bit Paymer creates a copy of a text file for every single file on the computer it encrypts. Every single text file is the same and pertains to the ransomware’s demand for a Bitcoin payment. One thing that sets Bit Paymer apart from the rest is how it has one of the most extensive ransom notes we have seen in months. It lists many different ways for victims to buy Bitcoin and even includes links to set up a proper Bitcoin wallet.

For the time being, it appears victims of this ransomware are asked to make a very steep payment of 53 Bitcoin. It does not appear Bit Paymer generates a unique decryption key for every infected device. That is rather strange, considering it reduces the chances of victims paying a Bitcoin ransom to get their files back. Researchers are uncertain about which encryption method is used by this malware in its current iteration.

We do know Bit Paymer brings back the standard of using a command and control server. Some recently discovered variations of malware tried to steer away from this model and remove their central point of failure from the equation. It does appear the malware is mainly targeting corporations and companies rather than individual consumers. This may explain the steep price, since there is no way consumers will pay 53 Bitcoin to get rid of this malware.

This steep ransom demand has researchers concerned, for obvious reasons. In most cases, ransomware victims pay between $50 and $500 to get their files decrypted. Bit Paymer, on the other hand, demands a $101,490 payment at the current Bitcoin price. That is an incredibly high amount, and it is expected no companies will pay. After all, there is no guarantee of receiving the decryption key once the payment has been sent.

There is no free decryptor available for this malware strain just yet, nor will there be any unless security researchers get their hands on a sample.  There is no indication as to how this malware is distributed either, which makes it even more dangerous.