New Version of Shadow BTCware Ransomware Appeared

Security researchers found a brand new version of the Shadow BTCware Ransomware which can be installed manually on unprotected systems.

Once installed on the machine, the new variant of the Shadow BTCware Ransomware instantly appends the .[email]-id-[id].shadow extension to all encrypted files.

Compared to some of its older versions, the new malware variant uses new email addresses which victims should contact to receive instructions for paying the ransom.

In the most recent version of the Shadow BTCware Ransomware the contact email address which hackers use is paydayz@cock.li.

The extension of the encrypted files has also changed. The latest version of Shadow BTCware Ransomware appends the .[email]-id-[id].shadow extension to each encrypted file’s name (e.g. the file test.jpg is renamed to test.jpg.[paydayz@cock.li]-id-C0C.shadow).
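For triage, the renaming pattern described above can be matched against a file listing to count affected files and recover the contact address and ID. This is an added example, not code from the researchers or the original article; the alphanumeric ID format, the function names and the sample paths are assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Pattern from the article: <original name>.[<email>]-id-<id>.shadow
# Assumption: the id is alphanumeric (the article's only sample is "C0C").
SHADOW_RE = re.compile(
    r"^(?P<original>.+)\.\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]"
    r"-id-(?P<id>[A-Za-z0-9]+)\.shadow$",
    re.IGNORECASE,
)

def parse_shadow_name(path):
    """Return original name, contact email and id if the file name matches, else None."""
    match = SHADOW_RE.match(PureWindowsPath(path).name)
    if match is None:
        return None
    return {"original": match.group("original"),
            "email": match.group("email").lower(),
            "id": match.group("id")}

def summarize(paths):
    """Group matching paths by (contact email, id) with file count and affected folders."""
    hits = defaultdict(lambda: {"files": 0, "folders": set()})
    for path in paths:
        info = parse_shadow_name(path)
        if info is None:
            continue
        entry = hits[(info["email"], info["id"])]
        entry["files"] += 1
        entry["folders"].add(str(PureWindowsPath(path).parent))
    return {key: {"files": val["files"], "folders": sorted(val["folders"])}
            for key, val in hits.items()}

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Pictures\test.jpg.[paydayz@cock.li]-id-C0C.shadow",
    r"C:\Users\alice\Documents\budget.xlsx.[paydayz@cock.li]-id-C0C.shadow",
    r"C:\Users\alice\Documents\notes.txt",  # untouched file
    r"C:\Tools\shadow",                     # unrelated name, must not match
    r"C:\Users\alice\a.shadow",             # wrong shape, must not match
]

if __name__ == "__main__":
    for (email, victim_id), data in summarize(SAMPLE).items():
        print(f"{email} id={victim_id}: {data['files']} files in {data['folders']}")
```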

“All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail paydayz@cock.li.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee.
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins.” an excerpt of the ransom note states.

To protect your system, install reliable security software and keep a tested backup of your data. Use strong passwords to protect your web services and never reuse the same password on multiple websites.

Also, do not open any attachments sent with unsolicited email messages, scan attachments with proper security tools, and make sure that the OS is updated at all times.
