Bitransomware
Description
BitRansomware (also known as DCryptSoft or ReadMe) surfaced in November 2020, primarily as a widespread cryptolocker targeting end users in the APAC region, especially universities in Japan and Hong Kong. The malware was delivered via a malspam campaign powered by the Phorpiex botnet, distributing deceptive ZIP attachments with a screensaver-like .scr payload. Once activated, BitRansomware encrypts files and appends the .ReadMe extension—leaving ransom notes to guide victims toward payment. The campaign peaked sharply around November 4, 2020, with over 28,000 email instances detected in a single day, as seen by VMware NSX telemetry.
External Analysis |
https://blogs.vmware.com/security/2020/12/phorpiex-powered-bitransomware-targets-apac-universities.html |
Chat servers |
Screen |
http://mrv44idagzu47oktcipn6tlll6nzapi6pk3u7ehsucl4hpxon45dl4yd.onion/ |
|