BlackHeart Ransomware

BlackHeart Ransomware Description

The BlackHeart Ransomware is an encryption ransomware Trojan that was first observed in April 2018. Several variants of the BlackHeart Ransomware were released in the weeks leading up to the appearance of this one, and it is likely that the BlackHeart Ransomware is just one of many variants in a ransomware family that is being created with a ransomware builder, a tool that can be used to create different versions of the same encryption ransomware Trojan. Because of this, the BlackHeart Ransomware is unlikely to be the last variant in this family that PC security researchers will observe.

How the BlackHeart Ransomware Carries out Its Attack

The BlackHeart Ransomware's attack is similar to that of most encryption ransomware Trojans: it takes the victim's files hostage by using the AES encryption algorithm to make them inaccessible. The BlackHeart Ransomware targets user-generated files, which may include a wide variety of file types, such as media files and databases. The following are some examples of the files that threats like the BlackHeart Ransomware will target in their attacks:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

When the BlackHeart Ransomware enciphers a file, the file becomes inaccessible. Once it has taken the victim's files hostage, the BlackHeart Ransomware marks the affected files by adding a new file extension to their names. Different variants of the BlackHeart Ransomware have been observed to use different file extensions, including '.pay2me' and '.BlackRouter.' The BlackHeart Ransomware delivers two different ransom notes, one contained in a text file named 'ReadME-BlackHeart.txt' and the other delivered in a program window with the title 'Black Heart - Your Files Crypted.' The text file ransom note contains the following message:

'All your data has been locked us. You want to return? Contact to: vahidkhaz123@gmail.com Your Personal KEY: [RANDOM CHARACTERS]'

A program window delivers the following message to the victim of the BlackHeart Ransomware attack:

'Black Heart
Personal Key:
[RANDOM CHARACTERS]
[Copy to clipboard|BUTTON]
Warning: Please Don't Restart og Shutdown Your PC ,
If you do it Your Personal Files Permanently Crypted.
For Decrypt Your Personal Just Pay 200$ or 0.024 BTC . After Pay You can sebd personal key to
EMail: vahidkhaz123@gmail.com
BTC Transfer Address: [34 RANDOM CHARACTERS]'
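The file-system indicators described above (the '.pay2me' and '.BlackRouter' extensions and the 'ReadME-BlackHeart.txt' note) can be used to scope an incident. The following triage scanner is an added example, not part of the original article; it assumes the marker extension is appended after the file's original extension, and other variants may use indicators not listed here.

```python
import os
from collections import Counter

# Indicators taken from the article above; other variants may use different ones.
APPENDED_EXTENSIONS = (".pay2me", ".blackrouter")
RANSOM_NOTE_NAME = "readme-blackheart.txt"


def scan_for_blackheart(root):
    """Walk `root` and return the BlackHeart indicators found beneath it."""
    findings = {"ransom_notes": [], "marked_files": [], "original_types": Counter()}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            lowered = name.lower()  # Windows file names are case-insensitive
            path = os.path.join(dirpath, name)
            if lowered == RANSOM_NOTE_NAME:
                findings["ransom_notes"].append(path)
                continue
            for ext in APPENDED_EXTENSIONS:
                # Require a base name so a file called just ".pay2me" is skipped.
                if lowered.endswith(ext) and len(lowered) > len(ext):
                    findings["marked_files"].append(path)
                    # Assumption: the marker is appended (report.docx.pay2me),
                    # so stripping it exposes the original file type.
                    original = os.path.splitext(lowered[: -len(ext)])[1]
                    findings["original_types"][original or "(none)"] += 1
                    break
    return findings


def affected_directories(findings):
    """Directories holding marked files, most affected first, for triage."""
    counts = Counter(os.path.dirname(p) for p in findings["marked_files"])
    return counts.most_common()


if __name__ == "__main__":
    import sys
    result = scan_for_blackheart(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"ransom notes: {len(result['ransom_notes'])}")
    print(f"marked files: {len(result['marked_files'])}")
    for directory, count in affected_directories(result):
        print(f"{count:6d}  {directory}")
```

The per-directory counts show which shares or profiles need restoring from backup first, and the original-type tally shows what kinds of data were affected.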

Protecting Your Data from a BlackHeart Ransomware Attack

Computer users must take precautions against the BlackHeart Ransomware attack. The best protection is to install a respected security program that is fully up-to-date and to have file backups stored on external memory devices. File backups allow the victims of the BlackHeart Ransomware attack to restore their files quickly without having to resort to paying a ransom or contacting the people responsible for the attack. It is a bad idea to pay these ransoms. The people responsible for attacks like the BlackHeart Ransomware will frequently ignore the victims' payments altogether, or demand more money after the victim has shown a willingness to pay once.

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.
