BlackPink Ransomware

The BlackPink Ransomware is an encryption ransomware Trojan. The BlackPink Ransomware seems to target computer users in Korean speaking regions and is part of the Xorist family of ransomware. The BlackPink Ransomware carries out a typical encryption ransomware attack, making the victims' files inaccessible to demand a ransom payment in exchange for rehabilitating access to the compromised data.

Which Files will be Targeted by the BlackPink Ransomware Attack

The BlackPink Ransomware marks the files encrypted by its attack with the file extension .BlackPink, which may reference a Korean music group of the same name. The BlackPink Ransomware uses a strong encryption algorithm in its attack to target the user-generated files, which may encompass the files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The BlackPink Ransomware attack aims to make the victim's files inaccessible. After the victim loses access to the data on their PCs, the BlackPink Ransomware will deliver a ransom note. This ransom note will take the form of a text file named 'how_to_recver_files.txt,' which will appear on the affected computer's desktop. The BlackPink Ransomware ransom note is written in Korean. Below is a translation of the text of the BlackPink Ransomware's ransom demand:

‘Be advised:
All files, photo documents, and data are encrypted with military-grade encryption RSA AES-256.
Your information will not be lost. However, it was encrypted.
You must purchase Decrypter to restore your files.
Follow these steps to restore the file.
1 * Please download Tor browser. (Just type "Tor Download" into Google.)
2 * Browse to URL: http://www.google.com
3 * To restore files, purchase Decryptor.

Caution:
Do not modify or delete encrypted files. It can be difficult to restore.
Support:
You can contact the support center to help decipher the file.'

Protecting Your Computer from the BlackPink Ransomware

The best protection against threats like the BlackPink Ransomware is to have backup copies of your data and storing them on the cloud or a portable memory device. Apart from file backups, it also is recommended that computer users have a security program installed, capable of intercepting the BlackPink Ransomware attack and removing this threat in the event of an infection. Apart from file backups and a security program, the users should exercise caution when exposed to risky online content that could be used to distribute threats like the BlackPink Ransomware, such as unsolicited email attachments and suspicious file downloads.