Bttu ransomware is a generic ransomware infection, a variant of the Djvu/STOP ransomware. New variants of this ransomware family are released regularly by the cybercriminals who operate it, usually at least one or two new versions every week. There are currently hundreds of these ransomware versions, though they are very similar to one another. You can tell which one you are dealing with by the extension added to encrypted files. Your files will have .bttu added to them if your computer is infected with Bttu ransomware. Unfortunately, you might not be able to fully recover the files if you don’t have a backup. The malware operators will offer to sell you a decryptor for $980. However, paying is not advised because it does not ensure that a decryptor will be sent.




Bttu ransomware is the most recent Djvu/STOP ransomware version to be released by cyber criminals. This malware will begin encrypting your files as soon as you initiate it. It mainly focuses on personal files, such as photos, images, videos, documents, and so forth. The extension that gets added to encrypted files will let you know which files have been encrypted. It adds .bttu to be specific. An image.jpg file, for example, would become image.jpg.bttu. Unfortunately, unless you run a decryptor on them beforehand, you won’t be able to open any of these files. The _readme.txt ransom note provides instructions on how to obtain the decryptor.


The _readme.txt ransom note can be found in every folder that contains encrypted files. The note states that victims can buy a decryptor for $980. But supposedly, if users get in touch with the cybercriminals within the first 72 hours, they can get a 50% discount. Whether the discount part is true is not certain. But generally speaking, we do not recommend buying a decryptor from online criminals because there are no guarantees that you will get it. Keep in mind that you are dealing with cyber criminals, and nothing can stop them from simply taking your money without sending anything in return. Numerous victims have paid the ransom in the past but never received their decryptors. You decide whether to pay or not, but you should be aware of all the risks that come with it.

Users without backups will have a very difficult time recovering their files. Waiting for a free Bttu ransomware decryptor to become available is their only choice. However, because this ransomware uses online keys to encrypt files, it will be difficult for malware researchers to develop one. Online keys mean that each victim has a different key. For a decryptor to work on your files, your specific key is necessary. A free decryptor is not very likely until those keys are released by the malware authors. It’s possible that the keys may be released in the future, as has happened in the past. A free Djvu/STOP decryptor was also created by Emsisoft; although it’s unlikely to work in your case, it’s still worth a try. There are numerous fake and even malicious decryptors, so you should exercise caution when searching for them.

As soon as you remove Bttu ransomware from your computer, if you have a backup, you can open it to begin restoring your files. We strongly recommend using good anti-virus software. Avoid trying to do it manually because you can unintentionally do more harm.

How you can avoid a ransomware infection

Torrents, malicious emails with attachments, risky websites, etc. are common distribution methods for malware infections that target random users. Bad internet habits increase your chances of becoming infected with malware since you engage in risky activities more often. You may significantly lower your risk of getting malware by taking the time to develop better browsing habits and becoming aware of malware distribution methods.

It’s no secret that torrent sites frequently lack moderation, which results in torrents with malware in them being posted. All kinds of torrents often have malware in them, though it’s usually torrents for copyrighted content. The more popular something is, the more likely its torrent will contain malware. Malware is most often present in torrents for movies, TV shows, video games, software, etc. So it’s possible that this ransomware infected your computer when you used torrents to pirate copyrighted content.

You could have also opened a malicious email attachment, which would have allowed the ransomware to infect your machine. Ransomware is frequently downloaded by users through email attachments. The emails are typically easy to identify. The biggest giveaways are grammar and spelling mistakes. It’s rather clear that something is wrong when senders claim to be from legitimate companies but the emails are full of spelling and grammar mistakes.

Unsolicited emails containing attachments should always be examined carefully. Additionally, pay attention to how the sender addresses you. If you receive an email from someone who should know your name but they use generic words (e.g. User, Member, Customer) to address you, it’s likely that the email is malicious, or at least spam.

It’s worth mentioning that it’s a good idea to always scan email attachments with anti-virus software or VirusTotal before opening them because certain malicious emails might be more sophisticated.

How to remove Bttu ransomware

Trying to manually delete Bttu ransomware is not a good idea because you risk damaging your computer even more. Ransomware is a very sophisticated infection that should be left to a professional program. If you attempt to manually delete it, you might not be able to do it completely, which could allow the ransomware to recover. Your backed-up files would become encrypted if that happened while you were connected to your backup. Delete Bttu ransomware with anti-malware software to prevent causing additional damage to your computer. You can safely access your backup once the ransomware has been completely removed from your computer.

Your only choice may be to wait for a free decryptor to be released if you do not have backup copies of your files. Make a backup of your encrypted files and occasionally check NoMoreRansom for a free Bttu ransomware decryptor.
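One way to make that backup of encrypted files, as an added example that is not part of the original article or of any vendor tool: it copies every .bttu file under a folder to a separate location, records which folders contain a _readme.txt note, and writes a SHA-256 manifest so the copies can be verified later. The function names, the manifest.json layout and the sample tree in demo() are assumptions made for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".bttu"    # extension named on this page
NOTE_NAME = "_readme.txt"  # ransom note file name named on this page


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):  # 1 MiB chunks
            digest.update(chunk)
    return digest.hexdigest()


def backup_encrypted(root: Path, dest: Path) -> dict:
    """Copy every *.bttu file under root into dest and return a manifest."""
    root, dest = root.resolve(), dest.resolve()
    manifest = {"files": [], "note_folders": []}
    for path in sorted(root.rglob("*")):
        if dest in path.parents or path.is_symlink() or not path.is_file():
            continue  # skip the backup itself, links and directories
        rel = path.relative_to(root)
        if path.name == NOTE_NAME:
            manifest["note_folders"].append(rel.parent.as_posix())
        elif path.name.lower().endswith(ENCRYPTED_EXT):
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)  # copy only; originals stay untouched
            entry = {"path": rel.as_posix(), "sha256": sha256_of(target),
                     "original_name": path.name[:-len(ENCRYPTED_EXT)]}
            manifest["files"].append(entry)
    dest.mkdir(parents=True, exist_ok=True)
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def demo() -> dict:
    """Constructed sample tree: two fake encrypted files, a note, a clean file."""
    root = Path(tempfile.mkdtemp())
    (root / "Pictures").mkdir()
    (root / "Pictures" / "image.jpg.bttu").write_bytes(b"constructed sample A")
    (root / "Pictures" / NOTE_NAME).write_text("constructed placeholder note")
    (root / "report.docx.bttu").write_bytes(b"constructed sample B")
    (root / "clean.txt").write_text("not encrypted")
    return backup_encrypted(root, Path(tempfile.mkdtemp()))
```

Point dest at removable media that is disconnected once the copy finishes, so the backup is not reachable from the affected machine.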

Bttu ransomware is detected as:

  • PWSX-gen [Trj] by Avast/AVG
  • A Variant Of Win32/Kryptik.HRYO by ESET
  • HEUR:Trojan.Win32.Scarsi.gen by Kaspersky
  • Trojan.MalPack.GS by Malwarebytes
  • Ransom.Win32.STOP.YXCLOZ by TrendMicro
  • Gen:Heur.Mint.Zard.52 by BitDefender
  • Trojan:Win32/SmokeLoader.KX!MTB by Microsoft


Step 1. Delete Bttu ransomware using Safe Mode with Networking.

Remove Bttu ransomware from Windows 7/Windows Vista/Windows XP
  1. Click on Start and select Shutdown.
  2. Choose Restart and click OK.
  3. Start tapping F8 when your PC starts loading.
  4. Under Advanced Boot Options, choose Safe Mode with Networking.
  5. Open your browser and download the anti-malware utility.
  6. Use the utility to remove Bttu ransomware.

Remove Bttu ransomware from Windows 8/Windows 10
  1. On the Windows login screen, press the Power button.
  2. Tap and hold Shift and select Restart.
  3. Go to Troubleshoot → Advanced options → Start Settings.
  4. Choose Enable Safe Mode or Safe Mode with Networking under Startup Settings.
  5. Click Restart.
  6. Open your web browser and download the malware remover.
  7. Use the software to delete Bttu ransomware.

Step 2. Restore Your Files using System Restore

Delete Bttu ransomware from Windows 7/Windows Vista/Windows XP
  1. Click Start and choose Shutdown.
  2. Select Restart and click OK.
  3. When your PC starts loading, press F8 repeatedly to open Advanced Boot Options.
  4. Choose Command Prompt from the list.
  5. Type in cd restore and tap Enter.
  6. Type in rstrui.exe and press Enter.
  7. Click Next in the new window and select the restore point prior to the infection.
  8. Click Next again and click Yes to begin the system restore.

Delete Bttu ransomware from Windows 8/Windows 10
  1. Click the Power button on the Windows login screen.
  2. Press and hold Shift and click Restart.
  3. Choose Troubleshoot and go to Advanced options.
  4. Select Command Prompt and click Restart.
  5. In Command Prompt, input cd restore and tap Enter.
  6. Type in rstrui.exe and tap Enter again.
  7. Click Next in the new System Restore window.
  8. Choose the restore point prior to the infection.
  9. Click Next and then click Yes to restore your system.

