Viruses-Extortionists. What Kinds of Them Are There and How to Protect Yourself from Them as Much as Possible
Previously, the word "virus" caused almost no fear, especially for experienced PC users. The overwhelming number of malicious programs was perfectly manageable by antivirus. But with the beginning of the "era of cryptocurrencies", there appeared new varieties of viruses that partially or completely encrypt user data and extort redemption in digital coins for their unlocking. These viruses are very complex and dangerous, even experts of cyber security are powerless with some of their representatives,. In this article, we will talk in detail about what these viruses are and how to protect themselves from them. Contents: (please, click the topic to scroll down to it)
  1. How do viruses that extort BTC work?
  2. History of viruses-extortionists
  3. The list of the most popular virus-extortionists
  4. How to secure your computer?
  5. Conclusion

1. How do viruses that extort BTC work?

Such Trojans are encrypted files that you can accidentally copy to your computer in a number of ways:
  • by clicking on a suspicious link;
  • downloading the file in an questionable source (only official stores and websites are trusted sources);
  • through an infected USB flash drive;
  • etc.
After the virus is inside the computer, its algorithm opens the fraudster access to the PC. Then, the creator of the virus in manual mode starts the process of hashing the victim's files using the generated arbitrary key, known only to him. After that, a message appears on the victim's monitor with a demand for redemption and deadline for the fulfillment of these conditions, which is established by the fraudster. It should be noted that there are no methods to combat this kind of Trojans. There are only two options left:
  • to pay ransom and hope for honesty of the extortioner;
  • to format the hard drive, reinstall the operating system and, accordingly, lose unsaved files.

2. History of viruses-extortionists

The idea of requiring a ransom for unlocking files is absolutely not new. Even a couple of decades before the appearance of Bitcoin, namely in 1989, the first large-scale attack of the virus-extortionist AIDS happened. This virus was distributed through infected diskettes, which were distributed to participants of one of the medical conferences. The principle of action of AIDS is about the same, but since it was a pioneer in this field, surely, the modern analogs are much more complex and more perfect than their ancestor.

3. The list of the most popular virus-extortionists

Let's briefly go over the list of the most high-profile Trojans in this area:


This virus is older than Bitcoin, the first mention of it was dated 2006, that's when he got to study in one of the antivirus laboratories. Archievus asymmetrically encrypted data that was in the folder "My Documents". The victim was asked to pay for the so-called "access services" in order to gain access to his\her own files again. Then it was a fiat, since the concepts of cryptocurrency had not yet existed.


This, in its time, very popular virus, getting on a hard or SSD drive turned the gadget into a "farm" for the production of cryptocurrency. When the complexity of mining was not very high, then users only lost some of their productivity.


Perhaps it is the most popular representative of extortionists from all of the above. The peak of activity occurred in May last year, then in just 24 hours more than 200,000 PCs were infected. Residents of Ukraine, India, Taiwan and Russia suffered the most. The WannaCrypt virus blocks access to private files and asks for a ransom of about 300 - 600 dollars (at the rate of BTC/USD in May 2017). There are two ways out: either pay or format.


The main "trick" of this virus is the fact that it is created for users of "unapproachable" for Trojans MacOS. It was distributed in 2016. It could be picked up by updating the torrent-client Transmission. 1BTC (for those times it's only $ 400) was asked from users of apple technology for unlocking files.

Bad Rabbit

"Bad rabbit" disturbed residents of Russia and Ukraine in late October 2017. Hackers through this virus encrypted the victims' data and requested a ransom of 0.05 BTC, (according to that rate it was about $ 300). This virus infected computers of editorial offices of popular mass media and state structures. In general, hackers tried to beat where loss of data was a very painful process.


This virus is not an extortionist. The principle of its work is to replace the cryptocurrency wallet in the clipboard. Combojack monitors when the user copies the address of cryptocurrency wallet and replaces it with another (of the virus’s creators, of course). The victim because of the banal inattention sends money to the wallet of the swindler. Transactions in the crypto are irreversible, and the attackers are betting on this.

4. How to secure your computer?

In order not to become a victim of scammers, one must adhere to the elementary rules:
  1. to never download files from untrusted sources;
  2. to use only licensed software and media files (movies, music, games, etc.);
  3. to use a secure connection in the browser;
  4. to purchase a license for a good antivirus;
  5. periodically (the more often, the better) to copy important files to an external medium.

5. Conclusion

There are a lot of different viruses in the World Wide Web. Some of them are harmless and unable to bring much trouble. But, along with them, there are also very complex and dangerous, which cannot be cured even by high-class specialists in the field of cyber security. Therefore, you must constantly be vigilant, use only licensed software and in a timely manner duplicate important files. Subscribe to The Coin Shark news in Facebook: