What is Btnw ransomware?
Btnw is a new ransomware strain in the STOP/Djvu family. It is very similar to other such strains (check out Mppn for comparison). It does, however, encrypt the files differently, so encryption methods that work on other STOP/Djvu viruses, such as Emsisoft Decryptor, may not work on this particular strain.
Btwn operates in the exactly same manner as all other ransomware programs. First, it encrypts all user files, then renames them (giving them .btnw file extension), and then finally creates a ransom note named “_readme.txt”. This note can be read on the image above; we will also summarize the demands in the next paragraph.
Just like every other ransomware in the STOP/Djvu family, Btwn demands $980 to decrypt the files. The note also offers a 50% discount for the first three days after infection; you should be aware that this is an attempt to manipulate victims into paying.
So, should you pay? Probably not. Hackers behind ransomware often ignore the victims and disappear without decrypting their files. It’s possible that you will get your files back by paying, but it is by no means a certainty.
The guide below will describe several alternative ways to remove Btwn ransomware and decrypt .btwn files, ones that don’t rely on paying the hackers.