Victim's files are encrypted and renamed seemingly random names with the extension ".bitstak" appended. Folders are also renamed and have the extension added. For example, the file "Penguins.jpg" may be renamed "xfZdSbZU.aXd.bitstak".
When encryption has finished, the following screenlocker is shown.
The following folders are targeted.
C:/Program Files (x86)/
C:/Users/ + UserName + /AppData/Roaming/
C:/Users/ + UserName + /Documents/
C:/Users/ + UserName + /Downloads/
C:/Users/ + UserName + /Videos/
C:/Users/ + UserName + /Music/
C:/Users/ + UserName + /Pictures/
C:/Users/ + UserName + /Desktop/
The following extensions are targeted.
.txt, .doc, .exe, .dat, .bat, .vb, .zip, .7z, .rar, .jar, .mp3, .wav, .save, .mp4, .cfg, .flv, .php, .com, .db, .bin, .reg
If you or someone you know has been hit by this ransomware, please post here.
A decrypter is available here: http://www.bleepingcomputer.com/download/bitstakdecrypter/
Edited by Grinler, 28 July 2016 - 09:57 AM.