BlackToxic Ransomware

The BlackToxic Ransomware threat is equipped with a sufficiently strong encryption algorithm to lock users out of their own data. The goal of the threat is to encrypt all files that match the list of targeted file types on the breached devices. Typically, malware of this type can affect a large set of different file types, including documents, archives, databases, photos and many more. Analysis of BlackToxic has revealed that the threat is a variant created by using Chaos Ransomware as a basis.

Among the distinguishing features of this threat is the '.KsiRu0w2' file extension that is appended to the original names of all encrypted files. In addition, the threat sets a new image as the default desktop background on the system. Victims will also notice the appearance of an unfamiliar text file named 'read_it.txt'. Opening the file reveals that it contains a ransom note with instructions from the hackers.

Ransom Note's Details

Reading the BlackToxic Ransomware's message fails to inspire any confidence in the ability of the hackers to restore the encrypted files. The note states that victims must pay a ransom using the Bitcoin cryptocurrency. The money is expected to be transferred to the provided crypto-wallet address. The attackers also claim that they have been able to collect important files from the infected devices.

Red flags start to appear when victims realize that the note doesn't mention the exact sum of the demanded ransom. There is no way to contact the threat actors, either. Such a gross oversight is unlikely to be made by an organized cybercrime group. It also calls into question the entire claim that the attackers can restore the encrypted files.

The full text of BlackToxic Ransomware's note is:

'( (:{You Been Hit By The BlackToxic RansomNote}:) )
========================================= ========================================
To get your files back you must pay in btc dont delete this ransom or else your files wil be gone ========forever!!!!!!!!=========== also your files will be recoverd when you pay the blacktoxic
=======> ramsomnote<========= and your files will be uploaded to our database this could be the fBI or someone spying in you as a hitman if you dont want this to happen you must ++ pay our ransomenote to this address in btc only!!!! =================>1NScbuZLaqt88Q3qr6baeiJVmZNuNSdS7k <=================
========================================= ========================================
Hacked+By+BGT-BlackToxicRansome=================Note
you must pay within 48hrs or your files is not going to be recoverd by this ransome unless you pay
otherwise as we have the decryption key that will help you to revover your important files!!!!!!!'
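
For responders, the indicators described above (the appended '.KsiRu0w2' extension and a 'read_it.txt' note whose text names BlackToxic) can be checked across a directory tree with a short triage script. This is an added example, not code from the original page; the function names, the three-level verdict and the sample tree are assumptions made for illustration, and a file called 'read_it.txt' counts only when its content contains the BlackToxic banner word, since that file name can exist for unrelated reasons.

```python
import os
import tempfile

ENC_EXT = ".KsiRu0w2"       # appended extension, as reported on this page
NOTE_NAME = "read_it.txt"   # ransom note file name, as reported on this page
NOTE_MARKER = "blacktoxic"  # word from the note's banner, compared in lower case

def triage(root):
    """Walk root and collect BlackToxic indicators found under it."""
    found = {"encrypted": [], "notes": [], "other_read_it": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.endswith(ENC_EXT) and name != ENC_EXT:
                # The extension is appended, so stripping it gives the original name.
                found["encrypted"].append((path, name[:-len(ENC_EXT)]))
            elif name.lower() == NOTE_NAME:
                try:
                    with open(path, "r", errors="replace") as fh:
                        text = fh.read(65536).lower()
                except OSError:
                    text = ""  # unreadable: keep it as unconfirmed
                key = "notes" if NOTE_MARKER in text else "other_read_it"
                found[key].append(path)
    return found

def verdict(found):
    # likely = renamed files plus a confirmed note; possible = only one of them
    if found["encrypted"] and found["notes"]:
        return "likely"
    if found["encrypted"] or found["notes"]:
        return "possible"
    return "clean"

def build_sample(root):
    """Constructed sample tree: placeholder files only, no real data."""
    for d in ("docs", "notes_app"):
        os.makedirs(os.path.join(root, d))
    for rel in ("docs/report.docx" + ENC_EXT, "docs/photo.jpg" + ENC_EXT, "docs/ok.txt"):
        open(os.path.join(root, rel), "w").close()
    with open(os.path.join(root, "docs", NOTE_NAME), "w") as fh:
        fh.write("You Been Hit By The BlackToxic RansomNote")
    with open(os.path.join(root, "notes_app", NOTE_NAME), "w") as fh:
        fh.write("Thanks for installing. Read this first.")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(verdict(triage(tmp)))
```

The `encrypted` list pairs each affected path with its original file name, which gives a quick inventory of what needs to be restored from backup.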