Severity scale:  
  (86/100)

Bitpaymer ransomware virus. How to remove? (Uninstall guide)

removal by Alice Woods - - | Type: Ransomware
12

Bit Paymer virus attacks health sector and demands to pay 50 Bitcoins

Bitpaymer ransomware

Bitpaymer, also known as Bit Paymer ransomware, is a file-encrypting virus that has been spotted on July 2017. Ir appends .locked file extension to various targeted files and demands to pay 50 Bitcoins for data recovery. A month after appearance, malware launched several cyber attacks to Scottish hospitals[1] and disturbed their work. Fortunately, it did not manage to cause huge damage.

Bit Paymer has a unique feature and creates a unique ransom note for each encrypted file. The name of the ransom note consists of the original filename and .readme_txt extension. For example, a file called document.txt gets a ransom note called document.txt.readme_txt. The ransom note reveals that the victim has to pay a specified sum of money in order to restore encrypted files.

The payment is only accepted in Bitcoins, which is the favorite cryptocurrency used in many illegal operations[2]. The payment system itself is legitimate; however, cyber criminals tend to use it to become anonymous and untrackable. But in a case of a ransomware attack[3], an immediate Bitpaymer removal is required to protect your PC from further malware attacks.

The Bitpaymer ransomware suggests installing Tor browser in order to access a particular ransom payment website. The payment website has no shame to ask the victim to pay 50 Bitcoins, which is an incredibly large sum of money – approximately 230,000 US dollars. We doubt that the Bitcoin wallet provided on that website will ever receive any payments from ransomware victims because such amount is simply unreasonable.

Speaking of alternative data recovery methods than paying the excessive ransom, there are some tools that you can try out. We have described possible data recovery techniques below this article. However, before taking any actions to recover your files, remove Bitpaymer virus first. To complete this task, we highly recommend using security programs such as Reimage that can eliminate spyware and malware from your PC.

If your files were encrypted by Bit Paymer, we hope that you had a data backup. It is the most efficient way of restoring files; however, not many ransomware victims have it. In case you’re reading this article because you want to find out more about the latest ransomware viruses, we strongly recommend you to create a data backup. For more security-related tips, visit NoVirus.uk site[4].

Bitpaymer hit Scottish Hospitals on the 25th of August 2017

The last Friday of August was terrifying for three hospitals at National Health Service’s (NHS) Lanarkshire outpost. Bitpaymer attacked Hairmyres Hospital in East Kilbride, Monklands Hospital in Airdrie and Wishaw General Hospital. Criminals asked to pay 53 Bitcoins which is about 190,000 British pounds. Currently, there’s no proved information that the ransom was paid.

NHS Lanarkshire reported[5] about the issue and shared the news that hospitals’ security and IT systems were under control. Ransomware affected phone and staff rostering system mostly. Therefore, the attack disturbed hospitals’ work. They had to postpone surgeries and cancel people appointments.

It’s unknown how Bit Paymer launched the attack. It is suspected that malware may have launched RDP brute-force attack. Security experts continue investigating this issue.

Ransomware distribution and infiltration methods

BitPaymer virus mainly attacks victims with unprotected computers. It mostly spreads via spam, Trojans, exploit kits, but it can also be pushed into your computer system with the help of an RDP attack. To protect your computer, you must complete several tasks and make sure you never make certain mistakes again.

First of all, we highly recommend that you secure your computer with anti-malware software to ward off malicious software. Then, you should create a data backup. Create copies of the most important files and transfer them to an external data storage device, such as hard drive or USB. Keep it away from the computer and use when needed only.

Finally, we suggest keeping all of your programs up-to-date. In other words, whenever your computer suggests you to install an update to programs that you already have, agree to do it. You can also enable automatic updates and save yourself some time. Please remember that you should never decide to install software updates presented by suspicious Internet sites – these can land some spyware/malware programs on your PC.

Wipe out Bitpaymer ransomware with security software

If you are one of those unfortunate victims whose computers were compromised by this virus, you must remove Bitpaymer as soon as you can. We suggest going the easiest way and running a system scan using anti-malware software, suchas Reimage. If you do not have it yet, firstly reboot your PC into Safe Mode with Networking. You can find comprehensive instructions on how to do it below.

Do not try to perform a manual Bitpaymer removal. It can only be completed by experienced IT professionals that have experience in dealing with malware like ransomware. Attempts to uninstall ransomware can result in failure and cause you a lot of problems.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Bitpaymer ransomware virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Bitpaymer ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.

Manual Bitpaymer virus Removal Guide:

Remove Bitpaymer using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

Delete the ransomware using anti-spyware or anti-malware software. If you do not have it yet, install it after rebooting your PC into Safe Mode with Networking. This mode should always be used when dealing with malware – it helps to temporarily disable the virus and clean up the computer system efficiently.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Bitpaymer

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Bitpaymer removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Bitpaymer using System Restore

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Bitpaymer. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Bitpaymer removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Bitpaymer from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

Data backup clearly is the best tool when it comes to data recovery. If you haven't created it in the past, it will be quite hard to recover your files now. However, we suggest trying one of the provided methods to restore some of your files.

If your files are encrypted by Bitpaymer, you can use several methods to restore them:

Data Recovery Pro technique

Data Recovery Pro can help you to restore your files easily. Although it might not be able to break the encryption of Bitpaymer ransomware, it might successfully recover some of your files. This is how you should use this tool:

ShadowExplorer software

Volume Shadow Copies are extremely useful because they can help to restore corrupted files. However, ransomware viruses tend to delete them. You can check if your PC still contains some Volume Shadow Copies by running a scan with ShadowExplorer.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Bitpaymer and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Alice Woods
Alice Woods - Likes to teach users about virus prevention

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Alice Woods
About the company Esolutions

References

Removal guides in other languages