BitStak is one of the worst-coded ransomware variants ever

Jul 8, 2016 21:15 GMT

Victims who got infected with the BitStak ransomware now have a chance to recover their files without having to pay the ransom, thanks to a decrypter made available for free by security researcher Michael Gillespie.

BitStak is a new piece of ransomware that appeared this week, when security researchers from MalwareHunterTeam came across this threat. According to several researchers who analyzed the ransomware's source code, calling it a "threat" is an insult to other ransomware variants because its code was written by an inexperienced developer.

BitStak deemed low-end ransomware

It comes as no surprise that it took no more than a few hours after the ransomware was spotted for Michael Gillespie to craft a decrypter that reverses the encryption routine through which BitStak locked user files.

The decrypter, which you can download from here, is simple and straightforward to use. Just double-click it and press the giant button that says "Decrypt Files."

Users who have been infected with ransomware can use the ID-Ransomware service to identify if BitStak is the culprit, based on an encrypted file and the ransom note. Below is an image of the standard BitStak ransom note.

BitStak jumbles all file and folder names

Users can also spot a BitStak infection based on the way the encrypted files are renamed.

While normal ransomware just appends an extension at the end of the file name, BitStak goes one step further by creating random names for both the files and the folders in which it locks files.

Something like image.png will be renamed to "diolx.htp.bitstak," with all characters being chosen at random. This prevents victims from identifying the nature of the locked files and what they contained before the infection.

A normal BitStak infection asks users to pay 0.07 Bitcoin ($45 / €40). This is a very small amount of money compared to other ransomware families; BitStak's author probably knew he hadn't created the best ransomware around and was just trying to get as much money as he could, in smaller amounts.

Users who encounter problems with the decrypter or spot an undecryptable BitStak version can ask for help on this forum topic.

BitStak ransom note