
BlackRose Ransomware

By GoldSparrow in Ransomware

The BlackRose Ransomware is a Trojan designed to encrypt victims' files and keep them locked until a ransom is paid. The BlackRose Ransomware takes its name from the email address used to contact its victims, 'black-rose(at)outlook.co.th.' Like most ransomware Trojans, the BlackRose Ransomware encrypts the victim's files using a strong encryption method. The BlackRose Ransomware demands the payment of 1 Bitcoin (approximately $1200 USD at the current exchange rate) to provide the decryption key necessary to recover the affected files. PC security researchers strongly advise computer users to refrain from paying the BlackRose Ransomware ransom, since there is no assurance that the people responsible for the BlackRose Ransomware attack will keep their promise and help computer users recover their files. Furthermore, paying the BlackRose Ransomware ransom allows these people to continue financing their attacks. The BlackRose Ransomware is based on the HiddenTear ransomware engine, an open-source ransomware platform that has spawned countless ransomware variants since its original release in 2015.

The Rose that Brings Prejudice

The BlackRose Ransomware is designed to attack computer users located in English-speaking countries through a social engineering tactic that targets these computer users (although there is nothing preventing the BlackRose Ransomware from being installed on computers located in other regions). The BlackRose Ransomware is installed through a fake PDF file that uses a double extension to hide the true nature of the file, which is really an executable file designed to install the BlackRose Ransomware on the victim's computer. The BlackRose Ransomware scans the infected computer, searching for certain file types, and then encrypts them using a strong encryption method. Among the numerous file types the BlackRose Ransomware targets in its attacks, it will encrypt the following file types:

.3GP, .7Z, .APK, .AVI, .BMP, .CSV, .DB, .DBF, .DOCM, .DOC, .EPUB, .DOCX, .FLV, .GIF, .ISO, .IBOOKS, .JPEG, .JPG, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .TIFF, .TIF, .TXT, .WMV, .XLS, .XLSX, .XPS, .XML, .ZIP, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE.

The files encrypted in the attack will have a new file extension added to the end of the file name. The BlackRose Ransomware has been reported to use different file extensions in its attack, including the following:

  • .ranranranran
  • .okokokokok
  • .loveyouisrael
  • .whatthefuck

After encrypting the victim's files, the BlackRose Ransomware delivers its ransom note in the form of a text file named 'READ_IT_FOR_GET_YOUR_FILE.txt.' The text of the BlackRose Ransomware ransom note reads as follows:

'Files has been encrypted
Send me some 1 bitcoins or more to Address BITCOIN :
3Q2hTDPt1LMAAgQsNQAPJQxb9ZiwADYaFM
After Payment bitcoin please send your Address Bitcoin Payment to me at
black-rose@outlook.co.th
I will give File Decryptor for you in 24HR...'
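
As an added example (not part of the original article and not any vendor's tool), the following Python code checks a file listing for the indicators described above: the ransom note name, the four appended extensions, and a document-style name that ends in an executable extension. The executable and decoy extension sets and the sample paths are assumptions constructed for illustration, since the article only mentions a fake PDF.

```python
from pathlib import PureWindowsPath

# Indicators taken from the article text above.
APPENDED_EXTS = {".ranranranran", ".okokokokok", ".loveyouisrael", ".whatthefuck"}
RANSOM_NOTE = "read_it_for_get_your_file.txt"
# Assumptions: the article names only a fake PDF and does not say which
# executable extension it hid, so both sets below are illustrative.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def classify(path):
    """Return the indicator tags matched by one file path."""
    # PureWindowsPath parses Windows paths on any OS and never touches the disk.
    name = PureWindowsPath(path).name.lower()
    suffixes = PureWindowsPath(name).suffixes
    tags = []
    if name == RANSOM_NOTE:
        tags.append("ransom_note")
    if suffixes and suffixes[-1] in APPENDED_EXTS:
        tags.append("encrypted_file")
    if (len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DECOY_EXTS):
        tags.append("double_extension_executable")
    return tags


def scan(paths):
    """Return ({path: tags} for matching paths, overall verdict)."""
    hits = {p: tags for p in paths if (tags := classify(p))}
    seen = {tag for tags in hits.values() for tag in tags}
    # A ransom note next to renamed files is stronger evidence than either alone.
    if {"ransom_note", "encrypted_file"} <= seen:
        return hits, "likely_infected"
    return hits, "suspicious" if hits else "clean"


# Constructed sample listing (not taken from a real incident).
SAMPLE_LISTING = [
    r"C:\Users\alice\Downloads\Invoice_2017.pdf.exe",
    r"C:\Users\alice\Documents\budget.xlsx.ranranranran",
    r"C:\Users\alice\Documents\my.notes.v2.txt.okokokokok",
    r"C:\Users\alice\Desktop\READ_IT_FOR_GET_YOUR_FILE.txt",
    r"C:\Users\alice\Documents\report.final.pdf",
    r"C:\Program Files\App\setup.exe",
]

if __name__ == "__main__":
    hits, verdict = scan(SAMPLE_LISTING)
    for path, tags in hits.items():
        print(f"{','.join(tags):28} {path}")
    print("verdict:", verdict)
```

The same classify function can be fed paths from a mail gateway's attachment log or a file server audit trail, since it only inspects names and never opens the files.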

Protecting Your Computer from the BlackRose Ransomware

Most ransomware Trojans like the BlackRose Ransomware follow a similar attack strategy. Luckily, computer users can protect their machines and wallets against these attacks by having file backups. If computer users have backup copies of all files, then this nullifies the BlackRose Ransomware attack. The con artists can no longer demand a ransom payment from the victims, since the affected computer users can simply restore the affected files from the backup copies. PC security researchers strongly advise computer users to establish file backups on the cloud, on an external memory device or using disk imaging software. File backups mean that there is no need to pay the BlackRose Ransomware ransom, which is not recommended under any circumstance. Apart from having file backups, you should have a reliable security program that is fully up-to-date, both to remove the BlackRose Ransomware infection itself and to intercept it before it is installed on your computer. This, combined with caution when handling any unsolicited email messages or files downloaded from the Web, can help computer users prevent BlackRose Ransomware infections and other, similar ransomware Trojans.
