BlackCocaine Ransomware

Infosec researchers have discovered a sophisticated malware threat leveraged by a recently established cybercriminal group. The hackers operate under the name BlackCocaine, which is also the designation given to their malware. The threat, which was deployed in an attack against an India-based IT company, was classified as complex ransomware.

The BlackCocaine Ransomware is written in the Go language and dropped as a UPX-packed executable file that targets 64-bit Windows systems. Before initiating its main functionality, the threat performs a series of anti-VM tests. It is also equipped with several anti-debugging techniques that make analysis harder. If all the tests pass, BlackCocaine proceeds to enumerate the files stored on the breached system and then encrypts them with a combination of the AES and RSA cryptographic algorithms.

All files affected in this manner will have '.BlackCocaine' appended to their original names as a new extension. Upon completion of the encryption process, the threat will deliver a ransom note as a text file named 'HOW_TO_RECOVER_FILES.BlackCocaine.txt'.
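The two file-system indicators named above can be swept for during triage. The following is an added example, not part of the original write-up or any vendor tooling; the function names `scan`, `summarize` and `build_sample_tree` are hypothetical, and the sample tree is constructed for the demonstration.

```python
import os
import sys
import tempfile
from pathlib import Path

# Indicators from the write-up, lower-cased because Windows compares names case-insensitively.
ENCRYPTED_EXT = ".blackcocaine"
RANSOM_NOTE = "how_to_recover_files.blackcocaine.txt"


def scan(root):
    """Return {directory: {"notes": [names], "encrypted": [(name, original_name)]}}."""
    hits = {}
    # os.walk skips unreadable directories by default, so a live-host sweep keeps going.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()
            if lowered == RANSOM_NOTE:
                kind, item = "notes", name
            elif lowered.endswith(ENCRYPTED_EXT) and lowered != ENCRYPTED_EXT:
                # The extension is appended, so stripping it recovers the original name.
                kind, item = "encrypted", (name, name[: -len(ENCRYPTED_EXT)])
            else:
                continue
            hits.setdefault(dirpath, {"notes": [], "encrypted": []})[kind].append(item)
    return hits


def summarize(hits):
    """Return (directories containing a ransom note, total encrypted files)."""
    dirs_with_note = sum(1 for h in hits.values() if h["notes"])
    total_encrypted = sum(len(h["encrypted"]) for h in hits.values())
    return dirs_with_note, total_encrypted


def build_sample_tree(base):
    """Constructed sample data: one affected folder and one clean folder."""
    hit, clean = Path(base, "docs"), Path(base, "clean")
    hit.mkdir()
    clean.mkdir()
    for n in ("report.docx.BlackCocaine", "db.sql.blackcocaine", "HOW_TO_RECOVER_FILES.BlackCocaine.txt"):
        (hit / n).write_bytes(b"")
    (clean / "notes.txt").write_bytes(b"")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(tmp)
        print(summarize(scan(root)))
```

Run with a directory path as the first argument to sweep a mounted image or share; with no argument it scans the constructed sample tree.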

The BlackCocaine ransomware gang has a dedicated website hosted on a .top domain. With the start of their activities, users and organizations should adjust their security measures to account for yet another threat actor in the ransomware field.
