
Black Feather Ransomware

By GoldSparrow in Ransomware

The Black Feather Ransomware is a variant of the well-known HiddenTear family of ransomware. The Black Feather Ransomware was first uncovered in September of 2016 and represents a threat to computer users. Although there seems to be little to differentiate the Black Feather Ransomware from the rest of the HiddenTear ransomware family, the Black Feather Ransomware carries its own 'Black Feather' logo and branding as a way to call attention to itself.

The Black Feather that Prevents You from Accessing Your Data

The Black Feather Ransomware attack is not particularly original. The Black Feather Ransomware uses AES encryption to take over its victims' files. Whenever the Black Feather Ransomware encrypts a file, it changes the file's extension to '.blackfeather,' making it simple to distinguish files that have been encrypted by the Black Feather Ransomware from those that have remained untouched. The Black Feather Ransomware drops its ransom notes in the form of text files placed in each directory where it encrypted files. The text file containing the Black Feather Ransomware's ransom note is named 'BLACK_FEATHER.txt.' The Black Feather Ransomware also displays its main ransom note on screen as part of its attack; the text files contain the following information:

This is a backup of the deposit address.
Send 0.3 BTC to decrypt your files
Validate payment in the program.
1C25YQEAMFJAj2TaUkxGhgvwicKzWhXDQy

The Black Feather Ransomware Takes an Extra Step to Confuse Its Victims

The Black Feather Ransomware is delivered in the form of a corrupted PDF file that contains the Black Feather Ransomware's corrupted executable. The Black Feather Ransomware displays messages to its victims to confuse them and ensure that file encryption can occur in the background while the victim is distracted. When the victim downloads the Black Feather Ransomware's corrupted PDF file (which may be distributed as a spam email attachment or contained in a popular peer-to-peer file download), the following error message appears:

There was an error opening this document. The file is damaged and could not be repaired.

Of course, this is not true. Rather, this message is simply meant to distract the victim while the Black Feather Ransomware carries out its attack, encrypting the victim's files in the background. The main purpose of the Black Feather Ransomware's attack is to encrypt the victim's files and then demand that the victim pay a large ransom to recover access to the files. The Black Feather Ransomware's ransom is currently 0.3 BitCoin, or approximately $200 USD. Once the Black Feather Ransomware has finished encrypting the victim's files, the above message will change, and a new message will be displayed on the victim's computer:

Welcome to the Black Feather.
Thank you for downloading our software.
All of your files have been encrypted with a secure 256-bit HASH.
This means you can no longer access your files without the decryption key.
You can decrypt your files by paying us 0.3 BTC, this will remove the encryption
and give you full access to your files again.

PC security analysts advise computer users against paying the ransom when dealing with these threats. This should be observed especially when it comes to the Black Feather Ransomware. The decryption key used by the Black Feather Ransomware is not saved anywhere or relayed to its Command and Control server. Essentially, the Black Feather Ransomware does not have the tools to decrypt the files. This means that, even after victims pay the Black Feather Ransomware ransom, the people responsible for the Black Feather Ransomware will not be able to provide any decryption key or way to decrypt the files.

Dealing with the Black Feather Ransomware

The best way to deal with a Black Feather Ransomware infection is to restore the files from a backup. It is also possible that a decryption utility will be released soon since the Black Feather Ransomware is a variant of HiddenTear, which is well-known. However, computer users are strongly advised against paying the Black Feather Ransomware ransom.
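
Before restoring from a backup, it helps to know which directories were affected. The following is an added example, not part of the original article or of any vendor tool, that walks a directory tree for the two indicators named above: the '.blackfeather' extension and the 'BLACK_FEATHER.txt' note. The function names and the sample file layout are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".blackfeather"    # extension named in this article
RANSOM_NOTE = "black_feather.txt"  # note file name from this article, lowercased


def scan_tree(root):
    """Return {directory: {"encrypted": [names], "note": bool}} for each hit."""
    hits = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered.endswith(ENCRYPTED_EXT):
                hits[dirpath]["encrypted"].append(name)
            elif lowered == RANSOM_NOTE:
                hits[dirpath]["note"] = True
    return dict(hits)


def summarize(hits):
    """Reduce scan results to the numbers needed to plan a restore."""
    note_only = [d for d, h in hits.items() if h["note"] and not h["encrypted"]]
    return {
        "affected_dirs": sorted(hits),
        "encrypted_files": sum(len(h["encrypted"]) for h in hits.values()),
        # Note present but no renamed files left: worth a manual look.
        "note_only_dirs": sorted(note_only),
    }


def build_sample_tree(root):
    """Constructed sample data: empty placeholder files with made-up names."""
    layout = {
        "docs": ["report.docx.blackfeather", "BLACK_FEATHER.txt", "todo.md"],
        "pics": ["cat.JPG.BLACKFEATHER", "black_feather.txt"],
        "old": ["BLACK_FEATHER.txt"],
        "clean": ["notes.txt"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(scan_tree(tmp)))
```

Run against a mounted copy of the affected volume, the per-directory listing from scan_tree() gives the set of paths to restore from backup.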
