BitPaymer Ransomware Recovery Services
Call us at 949-281-4998 anytime, 24/7.
We understand you need help fast.
Or provide your contact information, and we’ll get back to you quickly.
Has Your Business Fallen Victim to BitPaymer Ransomware?
Our Ransomware Response Team is ready to help. Specializing in Helping Businesses remove ransomware & restore encrypted files.
BitPaymer Ransomware Recovery Services
Rely on Intelecis to prioritize your data recovery because downtime has a significant negative impact on business performance across all industries. Numerous businesses have benefited from the expertise of our well-equipped Ransomware Team.
What is BitPaymer?
By targeting medical facilities through the remote desktop protocol and other email-related methods, the BitPaymer malware temporarily shut down regular services in exchange for a large ransom. Later, security experts provided proof that not only was BitPaymer being dropped by DRIDEX, but that it also originated from the same cybercriminal organization.
The malware’s execution chain is described in great detail in a paper by Trend Micro.
|
Hash |
Detection Name |
|
f8ed1a7ec231cd0aaeee9498541e822133d406d8 |
Ransom.Win32.BITPAYMER.TGACAM |
|
47ff3a11ca6f1c088799afaaafadcd46b89f44ac |
TROJ_GEN.R011C0WGA19 |
|
94b37a49c91f8bae7817be8892520c8e50ce62d5 |
Ransom.Win32.BITPAYMER.TGACAM |
|
fea875bee31434f43bba4384cade7bba83af6404 |
TROJ_GEN.R007C0PAG20 |
|
66bb444ea7e54b7f6b6a1305bed3556191ceeaf2 |
TROJ_GEN.R03FC0DFH19 |
|
babcc902eb4fda6824a9f63fea9267e21eb256ae |
TROJ_GEN.R011C0PFO19 |
|
3752eaae8633c361a26aa763e2688ecf62c1a61f |
TROJ_GEN.R011C0PFI19 |
|
bc2b35e453a31cda3b430ff25391c66899981d2a |
TROJ_GEN.R011C0RFF19 |
|
adf3580cc8115d206ed15a881bb8144dec068b18 |
Ransom.Win32.ICRYPT.AG |
|
8abc0909a346553236e05f2fa8c12da7925440d0 |
TROJ_GEN.R011C0RFE19 |
|
84b1513647a3c15614741724e4cbec32e7b4af69 |
TROJ_GEN.R011C0WF719 |
|
195157993bffdd51e4bd2fe2ac5fcc0971033db7 |
TROJ_GEN.R011C0WF219 |
|
233aa2f1d460d9588607933b8cab1844efeff5db |
Backdoor.Win32.DRIDEX.THEBCAI |
|
Solution Modules |
Pattern Branch |
Release Date |
Detection/Policy/Rules |
|
PREDICTIVE LEARNING (TRENDX) |
In-the-Cloud |
In-the-Cloud |
TROJ.Win32.TRX.XXPE50FFF032 |
|
FILE DETECTION (VSAPI/SMART SCAN) AND ADVANCED THREAT SCAN ENGINE (ATSE) |
15.433.00 |
15/10/2019 |
Ransom.Win32.BITPAYMER.TGACAM |
|
BEHAVIORAL MONITORING (AEGIS) |
RAN4052T, MALWARE BEHAVIOR BLOCKING |
||
|
SANDBOX SOLUTION |
VAN_RANSOMWARE.UMXX |
||
|
DEEP SECURITY |
|
|
1007596 - Identified Suspicious File Extension Rename Activity Over Network Share |
|
|
|
|
1007598 - Identified Suspicious Rename Activity Over Network Share |
|
TIPPINGPOINT |
|
|
36513 TCP FBitPaymer Ransomware - Payload Transfer Detection |
What is BitPaymer Ransomware Intrusion Method?
On your hard drive, the Bitpaymer ransomware copies any affected files. It usually has the filename (random name).exe. Then it creates a new startup key with the value (random name).exe and the name Bitpaymer ransomware. Additionally, you can locate it in your processes list as Bitpaymer ransomware or name (random name).exe. Additionally, it has the ability to generate a Bitpaymer ransomware folder under C:\Program Files\ or C:\ProgramData.
Need some more information? Check this out!
Ransomware, Sandboxing, and How IT Services in Orange County Can Help
Ransomware is gaining worldwide attention recently, especially after the WannaCry attack that infected more than 200,000 computers in over 150 countries…
Why is Proactive IT Support in Orange County Better than Reactive?
Reactive IT will ultimately cost you more— at least in most scenarios This is for the same reason that refraining from changing your oil regularly can ruin your car’s engine…
Monster under your bed- Ransomware Attacks
One of business owners’ nightmare is to be attacked by an unknown enemy in the web. A Chicago- based CNA Financial Corporation did not deny nor validate a report from…
