Newer variants of this ransomware append the .nuclear, .aleta, .gryphon, .nopasaran, .blocking, .xfile, .master, .onyon, .theva, .cryptobyte or .cryptowin extension to encrypted files. BTCWare then creates an HTM file ("#_HOW_TO_FIX_!.hta.htm") and places it on the desktop. Other variants of this ransomware use a "!#_RESTORE_FILES_#!.inf" file to store their ransom-demanding message.
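To scope an infection using the filename indicators listed above, the following added example (not part of the original page) walks a directory tree, tallies files by appended extension and folder, and locates the ransom notes. The function name `triage` is hypothetical, and treating the earliest modification time as a rough start of encryption is an assumption, since timestamps can be altered.

```python
import os
from collections import Counter
from datetime import datetime, timezone

# Indicators taken from the text above; matching is case-insensitive.
ENCRYPTED_EXTS = {".nuclear", ".aleta", ".gryphon", ".nopasaran", ".blocking",
                  ".xfile", ".master", ".onyon", ".theva", ".cryptobyte", ".cryptowin"}
RANSOM_NOTES = {"#_how_to_fix_!.hta.htm", "!#_restore_files_#!.inf"}


def triage(root):
    """Walk root and summarise BTCWare filename indicators (hypothetical helper)."""
    by_ext, by_dir, notes, first_seen = Counter(), Counter(), [], None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower in RANSOM_NOTES:
                notes.append(path)
                continue
            # Only the last suffix matters: "report.docx.aleta" -> ".aleta"
            ext = os.path.splitext(lower)[1]
            if ext not in ENCRYPTED_EXTS:
                continue
            by_ext[ext] += 1
            by_dir[dirpath] += 1
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or unreadable; it is still counted above
            if first_seen is None or mtime < first_seen:
                first_seen = mtime
    return {
        "encrypted_by_ext": dict(by_ext),
        "encrypted_by_dir": dict(by_dir),
        "ransom_notes": sorted(notes),
        # Assumption: the earliest mtime approximates when encryption began.
        "earliest_mtime_utc": (datetime.fromtimestamp(first_seen, timezone.utc).isoformat()
                               if first_seen is not None else None),
    }


if __name__ == "__main__":
    import json, sys
    print(json.dumps(triage(sys.argv[1] if len(sys.argv) > 1 else "."), indent=2))
```

Run it against a read-only mount or forensic copy of the affected volume so the scan itself does not change file metadata.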