Some weeks ago, we have been blogging about a new ransomware called BitCrypt.

To sum it up shorty, we had found a new ransomware which encrypted all pictures on the machine it infected, and asked the user to pay a ransom to get the files back.

While we do not usually work on that kind of malware, preferring to dive into APT malware, we spent several hours on this one because of an indirect impact on a friend.

So we started reverse engineering the binary, and found a flaw in its encryption implementation, which we managed to break and get the encrypted files back.

During the following week, the decryption tool we released publicly helped some victims to successfully decrypt their images. That was before the BitCrypt author released a new version of his ransomware: Bitcrypt 2. We were curious enough to have a look on it.