
BlackHat Ransomware

By GoldSparrow in Ransomware

The BlackHat Ransomware is an encryption ransomware Trojan that seems closely related to a ransomware Trojan released in May of 2017 with the name MoWare H.F.D Ransomware. The BlackHat Ransomware takes its name from the program window that displays its ransom note. The BlackHat Ransomware carries out a typical encryption ransomware Trojan attack, taking over the victim's computer and using a strong encryption algorithm to encrypt the victim's files and take them hostage. The BlackHat Ransomware was first observed on September 12, 2017. The BlackHat Ransomware seems to use XOR to encrypt the victim's files in its attack. The most common way of distributing the BlackHat Ransomware is through corrupted spam email attachments. The BlackHat Ransomware will be installed via a corrupted macro script when the victim opens the spam email message. Because of this, learning to spot and prevent these email tactics is an essential part of preventing these attacks.

The Malignant Shadow of this Black Hat

In its attack, the BlackHat Ransomware will use XOR encryption to target more than 660 different types of files. The BlackHat Ransomware will scan the victim's computer for files whose extensions match these file types and then encrypt them with its encryption algorithm. Encrypting a file like this makes the file unusable since Windows will not be able to read its contents. In some cases, the BlackHat Ransomware attack retains characteristics of its predecessor. For example, some computer users have reported that the files encrypted by the BlackHat Ransomware attack will be marked with the file extension '.H_F_D_locked,' added to the end of each affected file. The files encrypted in this manner will appear as blank icons in Windows Explorer, and the victim's applications will no longer be able to open them.
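The reported '.H_F_D_locked' marker can be used to scope an incident. The following is an added example, not part of the original article: it walks a directory tree, lists files carrying the marker, and uses their modification times to bracket when the encryption ran. The function names and the sample tree are assumptions made for the illustration, and because the extension is only reported in some cases, an empty result does not rule out an infection.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = ".h_f_d_locked"  # extension reported in the article, matched case-insensitively


def find_locked_files(root):
    """Yield (path, original_name, mtime) for every file carrying the marker."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(MARKER):
                path = os.path.join(dirpath, name)
                try:
                    mtime = os.stat(path).st_mtime  # approximates when it was rewritten
                except OSError:
                    continue  # file vanished or is unreadable; skip it
                yield path, name[: -len(MARKER)], mtime


def summarize(root):
    """Return the affected-file count, per-directory counts and first/last write times."""
    hits = list(find_locked_files(root))
    times = [m for _, _, m in hits]
    return {
        "count": len(hits),
        "per_dir": dict(Counter(os.path.dirname(p) for p, _, _ in hits)),
        "original_names": sorted(o for _, o, _ in hits),
        "first_seen": min(times) if times else None,
        "last_seen": max(times) if times else None,
    }


def build_sample_tree(root):
    """Constructed sample data: two marked files and one untouched file."""
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("docs/report.docx.H_F_D_locked", "photo.jpg.h_f_d_locked", "docs/notes.txt"):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = summarize(tmp)
        print(report["count"], "marked files;", report["per_dir"])
        print("earliest write (UTC):", datetime.fromtimestamp(report["first_seen"], timezone.utc))
```

The list of original names shows which files need to come back from backup, and the earliest write time gives a starting point for reviewing mail and process logs.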

How the BlackHat Ransomware Demands Its Ransom Payment

The BlackHat Ransomware will demand a ransom payment after the victim's files have been encrypted. To do this, the BlackHat Ransomware will generate a program window with the name 'BlackHat.' This program window contains the following ransom note:

'blackhat
Your Personal Files has been Encrypted and Locked
Your documents, photos, databases and other important files have been encrypted with strongest encryption and locked with unique key, generated for this computer.
Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key.
Frequently Asked Questions
What happened to my files ? understanding the issue
How can i get my files back ? the only way to restore your files
What should i do next ? Buy decryption key
Now you have the last chance to decrypt your files.
1. Buy Bitcoin (hxxps://blockchain.info)
2. Send amount of 200 dollar to address: 1LZnKJDsiygvLuYpbSJr1iyT6bav7VyWM5
3. Transaction will take about 15-30 minutes to confirm.
4. When transaction is confirmed, send email to us at blackhatdarkmatrix@gmail.com
Time Left
[24H COUNTDOWN]
price will increase with 400 bitcoin when time expired
[Click here to restore and recover your files|Web LINK]'

Note that the ransom note claims that the victim's ransom will be increased by '400 bitcoins' if the payment isn't carried out in 24 hours. This is an absurd amount (nearly half a million dollars!) and is most likely a typo. Regardless of the aims of the BlackHat Ransomware ransom note, avoid paying these ransoms. Paying the BlackHat Ransomware ransom allows the people responsible for the BlackHat Ransomware to profit from these attacks and continue financing the development of these threats. Instead, PC security researchers advise computer users to take steps to back up their data on the cloud or an external drive. Having a good backup method can make computer users invulnerable to ransomware attacks like the BlackHat Ransomware, since the people responsible for the BlackHat Ransomware attack lose any leverage they have over their victims.
