Ransomware threats come in many different shapes and sizes. In most cases, these types of malware will lock your computer, encrypt files, and demand a Bitcoin payment. Every now and then, however, we see a very different type of malware, one which steals data. Bitshifter is one of those ransomware types which not only demands a payment but also steals one’s cryptocurrency wallet information.
Bitshifter Is a Very Dangerous Type of Ransomware
It sounds rather strange for malware developers to try and steal cryptocurrency wallet information. The main objective of distributing ransomware is to receive as many Bitcoin payments as possible. If the bad guys were to steal a wallet’s information and the private key before that payment could be made, victims would not be able to pay the ransom and have their files decrypted. That would seem like a very bad decision by the developers.
Ransomware developers are well aware that most victims won’t pay the ransom to begin with. That’s because more and more people are becoming aware that paying a Bitcoin ransom is no guarantee that their files will be decrypted. In fact, it seems to be a 50/50 chance whether or not one receives a decryption key after making the payment.
We live in an era where not enough people make data backups, yet people are willing to take a data loss over making a ransomware payment. That is both a blessing and a curse at the same time. Consumers and enterprises need to be aware of the importance of having data backups. Granted, not every type of malware will allow users to restore files from a backup. Many ransomware types delete the shadow volume copies on the hard drive, making file recovery nearly impossible.
We do not know much about Bitshifter at present. The malware strain was discovered earlier this week, and it is unclear how the malware is distributed or what type of encryption it uses. We have no idea how much money must be paid to get rid of it either. Bitshifter does appear to use a WebSocket connection to communicate with a command and control server, but that has not been officially confirmed at this stage either.
Another new ransomware: Bitshifter.
Not usual features that it also has WebSocket C2, and can steal things… @BleepinComputer @demonslay335 pic.twitter.com/qunyyi6U0O
MalwareHunterTeam (@malwrhunterteam), July 21, 2017
This malware steals cryptocurrency wallets and constitutes a major threat. It seems that the malware steals Bitcoin wallet information first and foremost, although various altcoins may be affected as well. It is anybody’s guess as to the type of wallets these thieves are targeting, though it is safe to assume that no cryptocurrency is safe from harm. This malware may steal other data as well, including banking credentials, login information, and who knows what else.
It does not happen all that often that we come across a ransomware with so much potential for cryptocurrency theft. Bitshifter will prove to be quite a troublesome piece of malware for quite some time to come. We will keep an eye out for any additional information regarding this malware and keep our readers informed accordingly. Bitshifter is a serious threat to all cryptocurrency users around the world.