Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Experts discovered a new variant of Shadow BTCware Ransomware Variant

The security expert Michael Gillespie discovered a new variant of the Shadow BTCware Ransomware which is manually installed on unsecured systems. The security expert Michael Gillespie discovered a new variant of the BTCWare ransomware, the malicious code was spread by hacking into poorly protected remote desktop services and manually installed by crooks. The new Shadow BTCware Ransomware variant appends the .[email]-id-id.shadow extension to the encrypted files, […]

Shadow Ransomware (BTCWare) Ransom Note

The security expert Michael Gillespie discovered a new variant of the Shadow BTCware Ransomware which is manually installed on unsecured systems.

The security expert Michael Gillespie discovered a new variant of the BTCWare ransomware, the malicious code was spread by hacking into poorly protected remote desktop services and manually installed by crooks.

The new Shadow BTCware Ransomware variant appends the .[email]-id-id.shadow extension to the encrypted files, compared to previous versions it uses new email addresses a victim should contact to receive the instructions to pay the ransomware.

In the last version analyzed by the expert and reported by Bleeping Computer,  the contact email address used by crooks is paydayz@cock.li.

Shadow BTCware Ransomware Ransom Note

The extension appended to encrypted files is also changed, the Shadow BTCware Ransomware variant appends the .[email]-id-[id].shadow extension to encrypted file’s name.  (i.e. The file test.jpg is renamed to test.jpg.[paydayz@cock.li]-id-C0C.shadow).

“All your files have been encrypted! 

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail paydayz@cock.li
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins.” reads an excerpt of the ransom note

As usual, to protect your system you need a proper cybersecurity posture. You should have a reliable and tested backup of data and of course, you have to use behavioral detections security solutions.

As usual, let me suggest to do not open attachments coming with unsolicited email messages, malware scan attachments with security tools (i.e. VirusTotal), make sure the OS and all the software are up to date.

Use strong passwords to protect your web services and never reuse the same password at multiple sites.

Further details, including the IoCs, have been published by Bleeping Computer.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Shadow BTCware Ransomware, malware)

[adrotate banner=”5″]

[adrotate banner=”13″]