Bitdefender provides a tool for decrypting files after a BTCWare attack

Users of infected computers with BTCWare ransomware no longer have to pay ransom money to hackers. Bitdefender, a leader in the antivirus software industry, has released a free tool that allows you to quickly regain access to encrypted data.

The BTCWare Decryptor solution is available as a stand-alone tool or as part of a free package within Bitdefender Ransomware Recognition . In case the user is convinced that the files have been encrypted by BTCWare, he should download the tool from the indicated location and install it on the infected device. In the next stage, Bitdefender Ransomware Recognition will recognize the type of encryption virus and then suggest using the appropriate program for decryption.


BTCWare Decryptor.

BTCWare Ransomware and its several variants were detected at the beginning of March 2017. Since then, at least 9 ransomware viruses have been created, which are based on the BTCWare code. BTCWare Decryptor allows you to decrypt files with the following extensions:

  • .btcware
  • .cryptobyte
  • .onyon
  • .xfile
  • .cryptowin
  • .theva
  • .master
  • .aleta
  • .blocking

Log generation

When you try to decrypt, logs are generated in the " % temp% \ BitdefenderRemovalTool " folder. Although there are two types of logs, the file BitdefenderLog.txt is more important for this operation. If you have problems with the tool, Bitdefender asks you to contact and provide the log log:


Generated log.

Decryption can end with fiasco

Sometimes, file recovery can fail. This happens when the malware attempts to encrypt files used by the operating system, and the decryptor can not delete or replace the original. Such files will be displayed in the event log with additional explanation. Another variant includes the case when the original file was encrypted and the copy was renamed to an extension suggesting that it is encrypted, although it did not actually happen.


Files that will not be decrypted.

The decryption tool can be downloaded directly from the manufacturer's website or after recognizing the ransomware variant by Bitdefender Ransomware Recognition.



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.