BitPaymer Ransomware Recovery Services

Call us at 949-281-4998 anytime, 24/7.
We understand you need help fast.


Has Your Business Fallen Victim to BitPaymer Ransomware?

Our Ransomware Response Team is ready to help. We specialize in helping businesses remove ransomware and restore encrypted files.


Intelecis prioritizes data recovery because downtime hurts business performance in every industry. Numerous businesses have benefited from the expertise of our well-equipped Ransomware Team.

What is BitPaymer?

BitPaymer came to attention when it hit medical facilities: the operators got in through exposed Remote Desktop Protocol (RDP) services and through email-borne malware, encrypted the victims' systems so that regular services had to be shut down temporarily, and demanded a large ransom. Researchers later showed that BitPaymer was being dropped by the DRIDEX banking trojan and that both originate from the same cybercriminal organization.

The malware's execution chain is described in detail in a Trend Micro write-up, from which the indicators and detection names below are taken.

Indicators of compromise (SHA-1 hash and detection name):

SHA-1 hash                                  Detection name
f8ed1a7ec231cd0aaeee9498541e822133d406d8    Ransom.Win32.BITPAYMER.TGACAM
47ff3a11ca6f1c088799afaaafadcd46b89f44ac    TROJ_GEN.R011C0WGA19
94b37a49c91f8bae7817be8892520c8e50ce62d5    Ransom.Win32.BITPAYMER.TGACAM
fea875bee31434f43bba4384cade7bba83af6404    TROJ_GEN.R007C0PAG20
66bb444ea7e54b7f6b6a1305bed3556191ceeaf2    TROJ_GEN.R03FC0DFH19
babcc902eb4fda6824a9f63fea9267e21eb256ae    TROJ_GEN.R011C0PFO19
3752eaae8633c361a26aa763e2688ecf62c1a61f    TROJ_GEN.R011C0PFI19
bc2b35e453a31cda3b430ff25391c66899981d2a    TROJ_GEN.R011C0RFF19
adf3580cc8115d206ed15a881bb8144dec068b18    Ransom.Win32.ICRYPT.AG
8abc0909a346553236e05f2fa8c12da7925440d0    TROJ_GEN.R011C0RFE19
84b1513647a3c15614741724e4cbec32e7b4af69    TROJ_GEN.R011C0WF719
195157993bffdd51e4bd2fe2ac5fcc0971033db7    TROJ_GEN.R011C0WF219
233aa2f1d460d9588607933b8cab1844efeff5db    Backdoor.Win32.DRIDEX.THEBCAI
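As an added example, not code from the original page or from Trend Micro, the following Python script sweeps a directory tree and reports every file whose SHA-1 matches one of the indicators listed above. The benign file, the "planted" file and the extra TEST.Constructed hash in demo() are constructed stand-ins so the script runs offline; a real hit requires the original sample bytes. Hash indicators are brittle, since any rebuild of the payload changes the hash, so a clean sweep means these specific files are absent, not that BitPaymer is.

```python
"""Hash-based IOC sweep for the BitPaymer SHA-1 indicators listed above (added example)."""
import hashlib
import os
import sys
import tempfile
from dataclasses import dataclass
from pathlib import Path

# SHA-1 -> detection name, copied from the indicator table on this page.
BITPAYMER_SHA1 = {
    "f8ed1a7ec231cd0aaeee9498541e822133d406d8": "Ransom.Win32.BITPAYMER.TGACAM",
    "47ff3a11ca6f1c088799afaaafadcd46b89f44ac": "TROJ_GEN.R011C0WGA19",
    "94b37a49c91f8bae7817be8892520c8e50ce62d5": "Ransom.Win32.BITPAYMER.TGACAM",
    "fea875bee31434f43bba4384cade7bba83af6404": "TROJ_GEN.R007C0PAG20",
    "66bb444ea7e54b7f6b6a1305bed3556191ceeaf2": "TROJ_GEN.R03FC0DFH19",
    "babcc902eb4fda6824a9f63fea9267e21eb256ae": "TROJ_GEN.R011C0PFO19",
    "3752eaae8633c361a26aa763e2688ecf62c1a61f": "TROJ_GEN.R011C0PFI19",
    "bc2b35e453a31cda3b430ff25391c66899981d2a": "TROJ_GEN.R011C0RFF19",
    "adf3580cc8115d206ed15a881bb8144dec068b18": "Ransom.Win32.ICRYPT.AG",
    "8abc0909a346553236e05f2fa8c12da7925440d0": "TROJ_GEN.R011C0RFE19",
    "84b1513647a3c15614741724e4cbec32e7b4af69": "TROJ_GEN.R011C0WF719",
    "195157993bffdd51e4bd2fe2ac5fcc0971033db7": "TROJ_GEN.R011C0WF219",
    "233aa2f1d460d9588607933b8cab1844efeff5db": "Backdoor.Win32.DRIDEX.THEBCAI",
}


@dataclass(frozen=True)
class Hit:
    path: Path
    sha1: str
    detection: str


def sha1_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(root, iocs=BITPAYMER_SHA1, max_bytes: int = 64 << 20) -> list:
    """Walk root and return every regular file whose SHA-1 is in iocs.

    Symlinks are not followed and unreadable files are skipped rather than
    aborting the sweep, which matters on a live host with locked files.
    """
    wanted = {k.lower(): v for k, v in iocs.items()}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                if path.is_symlink() or not path.is_file():
                    continue
                if path.stat().st_size > max_bytes:
                    continue
                digest = sha1_of_file(path)
            except OSError:
                continue
            if digest in wanted:
                hits.append(Hit(path, digest, wanted[digest]))
    return sorted(hits, key=lambda h: str(h.path))


def demo() -> dict:
    """Constructed end-to-end run on a temporary directory.

    The 'planted' file is ordinary bytes, not malware; its hash is added to a
    copy of the IOC set so the matching path is exercised without a real sample.
    """
    with tempfile.TemporaryDirectory() as root:
        benign = Path(root) / "report.docx"
        benign.write_bytes(b"constructed benign content")
        planted = Path(root) / "svchost_.exe"
        planted.write_bytes(b"constructed stand-in for a dropped payload")
        test_iocs = dict(BITPAYMER_SHA1)
        test_iocs[sha1_of_file(planted)] = "TEST.Constructed"
        return {
            "hits": [(h.path.name, h.detection) for h in sweep(root, test_iocs)],
            "clean_against_real_list": sweep(root) == [],
        }


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit in sweep(target):
        print(f"{hit.sha1}  {hit.detection}  {hit.path}")
    print("demo:", demo())
```

Run it as `python sweep.py C:\` (or against a mounted image) during triage; the hash list is a dictionary so it can be extended with indicators from other vendors without touching the walk logic.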

Solution modules (Trend Micro), with pattern branch, release date and the detection, policy or rule that covers BitPaymer:

Solution module: PREDICTIVE LEARNING (TRENDX)
  Pattern branch: In-the-Cloud
  Release date: In-the-Cloud
  Detection/Policy/Rules: TROJ.Win32.TRX.XXPE50FFF032

Solution module: FILE DETECTION (VSAPI/SMART SCAN) AND ADVANCED THREAT SCAN ENGINE (ATSE)
  Pattern branch: 15.433.00
  Release date: 15 Oct 2019
  Detection/Policy/Rules:
    Ransom.Win32.BITPAYMER.TGACAM
    TROJ_GEN.R011C0WGA19
    TROJ_GEN.R007C0PAG20
    TROJ_GEN.R03FC0DFH19
    TROJ_GEN.R011C0PFO19
    TROJ_GEN.R011C0PFI19
    TROJ_GEN.R011C0RFF19
    Ransom.Win32.ICRYPT.AG
    TROJ_GEN.R011C0RFE19
    TROJ_GEN.R011C0WF719
    TROJ_GEN.R011C0WF219
    Backdoor.Win32.DRIDEX.THEBCAI

Solution module: BEHAVIORAL MONITORING (AEGIS)
  Detection/Policy/Rules: RAN4052T, MALWARE BEHAVIOR BLOCKING

Solution module: SANDBOX SOLUTION
  Detection/Policy/Rules: VAN_RANSOMWARE.UMXX

Solution module: DEEP SECURITY
  Detection/Policy/Rules:
    1007596 - Identified Suspicious File Extension Rename Activity Over Network Share
    1007598 - Identified Suspicious Rename Activity Over Network Share

Solution module: TIPPINGPOINT
  Detection/Policy/Rules: 36513 TCP BitPaymer Ransomware - Payload Transfer Detection
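The two Deep Security rules above fire on bursts of renames over a network share, which is what encryption of a file server looks like from the SMB side. As an added example, not the vendor's rule logic and not code from the original page, the Python below implements that idea over a constructed audit log: a sliding window counts renames per (client, share), either any rename or only renames that change the file extension. The log format, the client addresses, the share name and the .locked suffix are all constructed for the example.

```python
"""Rename-burst detector in the spirit of the Deep Security rules above (added example)."""
import os
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass(frozen=True)
class RenameEvent:
    ts: datetime
    client: str      # address of the SMB client performing the rename
    share: str       # UNC path of the share
    old_name: str
    new_name: str


@dataclass(frozen=True)
class Alert:
    client: str
    share: str
    count: int
    first_seen: datetime
    last_seen: datetime
    rule: str


def extension_changed(old_name: str, new_name: str) -> bool:
    """True when the rename alters or appends the extension (the
    'file extension rename' pattern, as opposed to any rename at all)."""
    return os.path.splitext(old_name)[1].lower() != os.path.splitext(new_name)[1].lower()


def parse_line(line: str) -> Optional[RenameEvent]:
    """Parse one line of the constructed audit format
    '<iso-ts> <client> <share> RENAME <old> -> <new>'.
    Non-rename and malformed lines yield None instead of raising."""
    try:
        ts, client, share, verb, rest = line.strip().split(" ", 4)
        if verb != "RENAME":
            return None
        old_name, new_name = rest.split(" -> ", 1)
        return RenameEvent(datetime.fromisoformat(ts), client, share, old_name, new_name)
    except ValueError:
        return None


def load_events(text: str) -> List[RenameEvent]:
    return [ev for ev in (parse_line(line) for line in text.splitlines()) if ev is not None]


def detect_rename_bursts(events, window=timedelta(seconds=10), threshold=5,
                         require_ext_change=True) -> List[Alert]:
    """Sliding-window count of renames per (client, share).

    One alert per (client, share) the first time `threshold` qualifying renames
    land inside `window`. Ransomware walking a share produces hundreds of renames
    in seconds; a user tidying a few files does not reach the threshold.
    """
    alerts: List[Alert] = []
    recent = defaultdict(deque)
    fired = set()
    for ev in sorted(events, key=lambda e: e.ts):
        if require_ext_change and not extension_changed(ev.old_name, ev.new_name):
            continue
        key = (ev.client, ev.share)
        q = recent[key]
        q.append(ev)
        while q and ev.ts - q[0].ts > window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold and key not in fired:
            fired.add(key)
            rule = "extension-rename-burst" if require_ext_change else "rename-burst"
            alerts.append(Alert(ev.client, ev.share, len(q), q[0].ts, ev.ts, rule))
    return alerts


# Constructed sample: one client mass-renaming files with a new suffix, one doing normal edits.
SAMPLE_LOG = r"""
2019-10-15T09:12:01 10.0.0.23 \\FS01\Finance RENAME Q3_forecast.xlsx -> Q3_forecast.xlsx.locked
2019-10-15T09:12:01 10.0.0.23 \\FS01\Finance RENAME payroll.docx -> payroll.docx.locked
2019-10-15T09:12:02 10.0.0.23 \\FS01\Finance RENAME invoices.pdf -> invoices.pdf.locked
2019-10-15T09:12:02 10.0.0.23 \\FS01\Finance RENAME budget.xlsx -> budget.xlsx.locked
2019-10-15T09:12:03 10.0.0.23 \\FS01\Finance RENAME board_deck.pptx -> board_deck.pptx.locked
2019-10-15T09:12:03 10.0.0.23 \\FS01\Finance RENAME vendors.csv -> vendors.csv.locked
2019-10-15T09:12:05 10.0.0.50 \\FS01\Finance RENAME report_v1.docx -> report_v2.docx
2019-10-15T09:12:07 10.0.0.50 \\FS01\Finance RENAME notes.txt -> notes.md
2019-10-15T09:12:40 10.0.0.50 \\FS01\Finance WRITE notes.md
"""


def run_demo() -> List[Alert]:
    return detect_rename_bursts(load_events(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_demo():
        print(f"{alert.rule}: {alert.client} on {alert.share}, "
              f"{alert.count} renames between {alert.first_seen} and {alert.last_seen}")
```

The extension-only variant is the lower-noise signal, since ordinary users rarely change extensions in bulk; the any-rename variant catches families that keep the original extension but needs a higher threshold. Tune window and threshold against a baseline of normal share activity before wiring the alert to an automatic share disconnect.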

What Is BitPaymer's Intrusion Method?

Once BitPaymer is on a host (typically after an RDP compromise or a DRIDEX infection, as described above), it drops a copy of its own executable under a random file name of the form (random name).exe. It then creates a startup (Run) registry entry whose value points at that file so it survives a reboot, and the running payload appears in the process list under the same random name. It can also create its own folder under C:\Program Files\ or C:\ProgramData. During triage, look for unfamiliar executables referenced from Run keys and for recently created folders in those two locations.
