BlackHeart Ransomware Description
The BlackHeart Ransomware is an encryption ransomware Trojan that was first observed in April 2018. Several related variants were released in the weeks before the BlackHeart Ransomware appeared, and it is likely that the BlackHeart Ransomware is just one of many members of a ransomware family being produced with a ransomware builder, a tool used to generate different versions of the same encryption ransomware Trojan. Because of this, the BlackHeart Ransomware is unlikely to be the last variant of this family that PC security researchers will observe.
How the BlackHeart Ransomware Carries out Its Attack
The BlackHeart Ransomware's attack is similar to that of most encryption ransomware Trojans: it takes the victim's files hostage by encrypting them with the AES algorithm so that they become inaccessible. The BlackHeart Ransomware targets user-generated files, which may include media files, databases and many other file types. The following are some examples of the file types that threats like the BlackHeart Ransomware target in their attacks:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.
When the BlackHeart Ransomware enciphers a file, the file becomes inaccessible. Once the BlackHeart Ransomware has taken the victim's files hostage, it marks the affected files by appending a new file extension to their names. Different variants of the BlackHeart Ransomware have been observed using different extensions, including '.pay2me' and '.BlackRouter'. The BlackHeart Ransomware delivers two ransom notes: one in a text file named 'ReadME-BlackHeart.txt' and the other in a program window with the title 'Black Heart - Your Files Crypted'. The text file contains the following message:
'All your data has been locked us. You want to return? Contact to: firstname.lastname@example.org Your Personal KEY: [RANDOM CHARACTERS]'
A program window delivers the following message to the victim of the BlackHeart Ransomware attack:
[Copy to clipboard|BUTTON]
Warning: Please Don't Restart og Shutdown Your PC ,
If you do it Your Personal Files Permanently Crypted.
For Decrypt Your Personal Just Pay 200$ or 0.024 BTC . After Pay You can sebd personal key to
BTC Transfer Address: [34 RANDOM CHARACTERS]'
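As an added example (not code from the original write-up, and not the malware's own code), the following Python triage script walks a directory tree and reports the two on-disk indicators the text names: files carrying the appended '.pay2me' or '.BlackRouter' extension and the 'ReadME-BlackHeart.txt' ransom note. The sample directory it builds is constructed for the demo and stands in for an affected user profile.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the write-up: appended marker extensions and the ransom-note file name.
BLACKHEART_EXTENSIONS = {".pay2me", ".blackrouter"}
RANSOM_NOTE_NAME = "ReadME-BlackHeart.txt"


def scan_for_blackheart(root):
    """Walk `root` and report files that carry a BlackHeart marker extension
    and every copy of the ransom note. Returns a dict with sorted lists
    'encrypted' and 'notes', plus 'original_extensions', a count of the
    extension that sat under the appended marker (useful for scoping impact)."""
    encrypted, notes, original_ext = [], [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name == RANSOM_NOTE_NAME:
                notes.append(str(path))
                continue
            if path.suffix.lower() in BLACKHEART_EXTENSIONS:
                encrypted.append(str(path))
                # The marker is appended, so the original extension is the one before it.
                inner = Path(path.stem).suffix.lower() or "(none)"
                original_ext[inner] = original_ext.get(inner, 0) + 1
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "original_extensions": original_ext}


def build_sample_tree():
    """Constructed sample directory (placeholder content, not real malware output)."""
    root = tempfile.mkdtemp(prefix="blackheart_demo_")
    docs = Path(root) / "Documents"
    docs.mkdir()
    (docs / "budget.xlsx.pay2me").write_bytes(b"\x00" * 16)
    (docs / "thesis.docx.BlackRouter").write_bytes(b"\x00" * 16)
    (docs / RANSOM_NOTE_NAME).write_text("All your data has been locked us.")
    (docs / "notes.txt").write_text("untouched")  # clean file, must not be flagged
    return root


if __name__ == "__main__":
    result = scan_for_blackheart(build_sample_tree())
    print(f"{len(result['encrypted'])} marked files, {len(result['notes'])} ransom note(s)")
    print("original extensions under the marker:", result["original_extensions"])
```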
Protecting Your Data from a BlackHeart Ransomware Attack
Computer users must take precautions against the BlackHeart Ransomware attack. The best protection is to install a respected security program that is fully up-to-date and to keep file backups on external storage devices. File backups allow victims of the BlackHeart Ransomware attack to restore their files quickly without having to pay a ransom or contact the people responsible for the attack. It is a bad idea to pay these ransoms. The people responsible for attacks like the BlackHeart Ransomware frequently ignore the victims' payments altogether, or demand more money once the victim has shown a willingness to pay.