
'.BlackHat File Extension' Ransomware

By GoldSparrow in Ransomware

The '.BlackHat File Extension' Ransomware is an encryption ransomware Trojan that seems to be part of a malware campaign targeting computers in Southeast Asia. The '.BlackHat File Extension' Ransomware was first released on November 14, 2018, and is not related to the BlackHat Ransomware Trojan, released in 2017. The '.BlackHat File Extension' Ransomware can be identified easily because it marks every file it encrypts by adding the file extension '.BlackHat' to the file's name. The '.BlackHat File Extension' Ransomware, like most threats of this type, is designed to make the victim's files inaccessible and then demand a ransom payment in exchange for the decryption key needed to restore the compromised data.

The '.BlackHat File Extension' Ransomware Can Affect a Huge Number of Files

The '.BlackHat File Extension' Ransomware, like most encryption ransomware Trojans, uses a strong encryption algorithm in its attack to make the victim's files inaccessible. In the '.BlackHat File Extension' Ransomware's case, this encryption algorithm is AES-256. The '.BlackHat File Extension' Ransomware's attack targets user-generated files, which may include a variety of media files, document types and databases. The following are examples of the files that threats like the '.BlackHat File Extension' Ransomware target in these attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The '.BlackHat File Extension' Ransomware delivers a ransom note in the form of a text file after encrypting and renaming the victim's files. The '.BlackHat File Extension' Ransomware's ransom note is named 'ReadME-BlackHat.txt' and is dropped on the infected computer's desktop. This ransom note contains the following message:

'All your data has been locked us. You want to return? Contact to Email: mehtihack051@gmail.com or ID Telegram: @C3NTER Your Personal KEY: [random characters]'

It is highly recommended that computer users refrain from contacting the criminals, either via Telegram or via email, and avoid paying any ransom associated with the '.BlackHat File Extension' Ransomware attack.
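The two identifiers described above, the appended '.BlackHat' extension and the 'ReadME-BlackHat.txt' note, are enough to scope an incident before restoring from backup. The following is an added example, not code from the original article: a triage script that walks a directory tree, lists renamed files with the original name to look up in a backup, and locates ransom notes. It assumes the extension is appended after the original file name and matches case-insensitively; the sample tree is constructed from empty placeholder files.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".blackhat"       # appended extension named on this page
RANSOM_NOTE = "readme-blackhat.txt"  # ransom note file name named on this page


def scan_tree(root):
    """Walk root and collect files renamed with '.BlackHat' plus ransom notes.

    Matching is case-insensitive (an assumption; the page gives one spelling).
    """
    report = {"encrypted": [], "notes": [], "original_types": Counter()}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            full = Path(dirpath) / name
            lower = name.lower()
            if lower == RANSOM_NOTE:
                report["notes"].append(full)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # Assumption: the extension is appended, so stripping it
                # recovers the original name to look up in a backup.
                original = name[: -len(ENCRYPTED_SUFFIX)]
                report["encrypted"].append((full, original))
                ext = Path(original).suffix.lower() or "(none)"
                report["original_types"][ext] += 1
    return report


def build_sample(root):
    """Constructed sample tree: empty placeholder files, no real data."""
    for rel in ["Desktop/ReadME-BlackHat.txt", "Docs/budget.xlsx.BlackHat",
                "Docs/notes.txt", "Pics/a.jpg.BlackHat", "Pics/b.JPG.blackhat"]:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = scan_tree(tmp)
        for path, original in sorted(result["encrypted"]):
            print(f"encrypted: {path}  (restore as {original})")
        for note in result["notes"]:
            print(f"ransom note: {note}")
        print(dict(result["original_types"]))
```

Pointing `scan_tree` at a user profile or file share gives the list of original file names to pull from backup and the directories where notes were dropped.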

Protecting Your Data from Threats Like the '.BlackHat File Extension' Ransomware

The best protection against threats like the '.BlackHat File Extension' Ransomware is to have the ability to restore any data encrypted by the attack. Computer users can protect their files by having backup copies of all data and storing these backups on external devices. Apart from file backups, computer users must have a strong security program that is fully up-to-date to intercept any attacks associated with the '.BlackHat File Extension' Ransomware. Unfortunately, security software will be incapable of decrypting the files encrypted by the '.BlackHat File Extension' Ransomware and the only option will be to replace the affected files from a backup copy.
