CryptBIT 2.0 Ransomware Threatens to Leak Files


CryptBIT 2.0 is a new variant of file-encrypting malware, also known as ransomware. It represents a continuation of the CryptBIT ransomware under a new name and in a new package.

CryptBIT 2.0 will encrypt most files on a system, change the desktop wallpaper and then deposit its ransom demands inside a text file.

Encrypted files are renamed: the extension ".cryptbit" is appended after their original one. This will turn a file called "image.jpg" into "image.jpg.cryptbit".

The ransom note is deposited inside a file called "CryptBIT2.0-restore-files.txt". The note threatens to leak sensitive information stolen from the victim if the ransom is not paid within 7 days. The full note reads as follows:


Now your files are crypted with the strongest millitary algorithms RSA4096 and AES-256.
In addition, all encrypted files have been sent to our server
and in the event of non-payment within 7 days,they will be made public.

Do not rename encrypted files.
Do not try to decrypt your data using third party software.
You can only do damage to your files, lose your money and time.

In order to confirm that we are not scammers, you can send 2-3 files to the email address below.
Files should be less than 5 MB and contain no valuable data (Databases, backups, large excel sheets, etc.).
Please don't forget to write the name of your company in the subject of your e-mail.
You will receive decrypted samples.

To recover all files you must contact us for a private quote by the contact email.
You have to pay for decryption in Bitcoins.

P.S. Remember, we are not scammers.
We don't need your data or information but after 7 days all files and keys will be deleted automatically.
Write to us immediately after infection
All your files will be restored. We guarantee.

Contact email:
cryptbit2.0 at protonmail dot com

BTC wallet:
[alphanumeric string]

Have a nice day
CryptBIT 2.0 ransomware group

November 22, 2022
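
The two file-system indicators described above (the appended ".cryptbit" extension and the ransom note file name) are enough to scope an incident on a host or file share. The following triage script is an added example, not part of the original write-up: the function names triage and build_sample_tree are hypothetical, case-insensitive matching is an assumption, and the sample tree consists of constructed empty files.

```python
import os
import sys
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".cryptbit"               # appended extension, from this page
NOTE_NAME = "CryptBIT2.0-restore-files.txt"  # ransom note name, from this page


def triage(root):
    """Walk root; list encrypted files, ransom notes and the earliest mtime among them."""
    report = {"encrypted": [], "notes": [], "dirs": set(), "first_mtime": None}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()  # assumption: match case-insensitively
            if lower == NOTE_NAME.lower():
                report["notes"].append(str(path))
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # "image.jpg.cryptbit" -> original name "image.jpg"
                report["encrypted"].append((str(path), name[:-len(ENCRYPTED_SUFFIX)]))
            else:
                continue
            report["dirs"].add(dirpath)
            try:
                mtime = path.stat().st_mtime
            except OSError:
                continue  # unreadable entry: keep the path, skip its timestamp
            if report["first_mtime"] is None or mtime < report["first_mtime"]:
                report["first_mtime"] = mtime
    return report


def build_sample_tree(root):
    """Constructed sample: empty files that only mimic the naming pattern."""
    for rel in ("docs/image.jpg.cryptbit", "docs/report.DOCX.CRYPTBIT",
                "docs/" + NOTE_NAME, "docs/untouched.txt", "tmp/.cryptbit"):
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        result = triage(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)
            result = triage(tmp)
    print(len(result["encrypted"]), "encrypted,", len(result["notes"]), "notes")
```

The earliest modification time among the matched files gives a lower bound for when encryption started on that volume, and the list of original names shows which data needs to be restored from backup.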