BlackHeart Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 5 |
| First Seen: | April 26, 2018 |
| Last Seen: | July 23, 2019 |
| OS(es) Affected: | Windows |
The BlackHeart Ransomware is an encryption ransomware Trojan that was first observed in April 2018. Several variants of the BlackHeart Ransomware were released in the weeks leading up to the BlackHeart Ransomware, and it is likely that the BlackHeart Ransomware is just one of many variants in a ransomware family that is being created with a ransomware builder, a tool that can be used to create different versions of the same encryption ransomware Trojan. Because of this, it is likely that the BlackHeart Ransomware is not the last variant in this family of ransomware that PC security researchers will observe.
How the BlackHeart Ransomware Carries out Its Attack
The BlackHeart Ransomware's attack is similar to most encryption ransomware Trojans; the BlackHeart Ransomware takes the victim's files hostage by using the AES encryption algorithm to make the victim's files inaccessible. The BlackHeart ransomware will target the user-generated files, which may include a wide variety of file types, including media files, databases, and numerous other user-generated files. The following are some examples of the files that threats like the BlackHeart Ransomware will target in their attacks:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
When the BlackHeart Ransomware enciphers a file, it will become inaccessible. Once the BlackHeart Ransomware has taken the victim's files hostage, the BlackHeart Ransomware will mark the affected files by adding a new file extension to their names. Different variants of the BlackHeart Ransomware have been observed to use different file extensions, including '.pay2me' and '.BlackRouter.' The BlackHeart Ransomware will deliver two different ransom notes, one contained in a text file named 'ReadME-BlackHeart.txt' and the other one delivered in a program window with the title 'Black Heart - Your Files Crypted.' The text on the ransom note contains the following message:
'All your data has been locked us. You want to return? Contact to: vahidkhaz123@gmail.com Your Personal KEY: [RANDOM CHARCTERS]'
A program window delivers the following message to the victim of the BlackHeart Ransomware attack:
'Black Heart
Personal Key:
[RANDOM CHARCTERS]
[Copy to clipboard|BUTTON]
Warning: Please Don't Restart og Shutdown Your PC ,
If you do it Your Personal Files Permanently Crypted.
For Decrypt Your Personal Just Pay 200$ or 0.024 BTC . After Pay You can sebd personal key to
EMail: vahidkhaz123@gmail.com
BTC Transfer Address: [34 RANDOM CHARCTERS]'
Protecting Your Data from a BlackHeart Ransomware Attack
Computer users must take precautions against the BlackHeart Ransomware attack. The best protection is to install a respected security program that is fully up-to-date and have file backups stored on external memory devices. File backups allow the victims of the BlackHeart Ransomware attack can restore their files quickly without having to resort to paying a ransom or contacting the people responsible for the attack. It is a bad idea to pay these ransoms. The people responsible for attacks like the BlackHeart Ransomware will ignore the victims' payments altogether frequently, or demand more money after the victim has shown a willingness to pay once.
