Black Hunt Ransomware
Threat Scorecard
Ranking: 17,958
Threat Level: 100 % (High)
Infected Computers: 20
First Seen: May 9, 2022
Last Seen: July 7, 2023
OS(es) Affected: Windows
The Black Hunt Ransomware is a newly uncovered threat with highly destructive capabilities: when it infects a computer, all the files stored on the targeted machine are subjected to a nearly irreversible encryption that makes them inaccessible and unusable. The damaged files are easy to identify because the Black Hunt Ransomware modifies their original names by appending the '.Black' file extension. When the file encryption is done, the Black Hunt Ransomware creates two ransom notes named "#BlackHunt_ReadMe.hta" and "#BlackHunt_ReadMe.txt" and delivers them to the victim's desktop.
These ransom notes carry various instructions for the victims and warn them that the criminals handling the Black Hunt Ransomware have collected highly confidential data from the hacked systems and sent it to a remote server under their control. The criminals claim that if victims do not agree to their demands, the data will be released publicly and the files will be lost forever. As we can see, the only option left to the victims of the Black Hunt Ransomware is to pay the ransom if they want their data back. However, the worst choice a victim can make is to reward criminals by sending them money.
Both ransom notes provide three email addresses that can be used to contact the hackers, sentafe@rape.lol (primary), and justin@cyberfear.com and magicback@onionmail.org (secondary), as well as a link to a website where the victims can check their data situation.
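The file-system indicators described above (the '.Black' extension and the two ransom note names) can be checked during triage with a short script. This is an added example, not code from the original page; the function names, verdict labels, `min_renamed` threshold and sample tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators from the description above, lower-cased because Windows
# file names are case-insensitive.
ENCRYPTED_SUFFIX = ".black"
NOTE_NAMES = {"#blackhunt_readme.hta", "#blackhunt_readme.txt"}

def scan_tree(root):
    """Return (sorted ransom-note paths, Counter of '.Black' files per directory)."""
    notes, renamed = [], Counter()
    # os.walk ignores unreadable directories and does not follow symlinks by default.
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            lower = name.lower()
            if lower in NOTE_NAMES:
                notes.append(os.path.join(dirpath, name))
            elif lower.endswith(ENCRYPTED_SUFFIX):
                renamed[dirpath] += 1
    return sorted(notes), renamed

def assess(root, min_renamed=3):
    """Classify a tree. min_renamed is an assumed threshold that keeps a single
    unrelated '*.black' file from raising an alert on its own."""
    notes, renamed = scan_tree(root)
    total = sum(renamed.values())
    if notes and total:
        verdict = "likely-affected"   # note and renamed files seen together
    elif notes or total >= min_renamed:
        verdict = "suspicious"        # one indicator only, needs a closer look
    else:
        verdict = "no-indicators"
    return {"verdict": verdict, "notes": notes, "renamed_total": total}

def build_sample_tree(base, files):
    """Create empty files (constructed sample data) under base."""
    for rel in files:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, ["Desktop/#BlackHunt_ReadMe.txt",
                                "Documents/report.docx.Black",
                                "Documents/budget.xlsx.Black",
                                "Pictures/photo.jpg"])
        print(assess(tmp))
```

A "no-indicators" result only means these file names were absent from the scanned tree; it does not rule out other activity on the machine.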
A pop-up window will show the #BlackHunt_ReadMe.hta ransom note, which reads:
'YOUR WHOLE NETWORK HAS BEEN PENETRATED BY Black Hunt!
We also have uploaded your sensitive data, which we Will leak or sell in case of no cooperation!
Restore your data possible only buying private key from us
ATTENTION
remember, there are many middle man services out there pretending that they can recover or decrypt your files , whom neither will contact us or scam you, Remember we are first and last solution for your files otherwise you will only waste money and time
trying to decrypt your files without our decryptor and through third party softwares will make your files completely useless, there is no third party decryptor since we are the only key holders
we have uploaded many critical data and information from your machines , we won’t leak or sell any of them in Case of successful Corporation, however if we don’t hear from you in 14 days we will either sell or leak your data in many forums
Remain all of your files untouched, do not change their name, extension and…
CONTACT US
Your system is offline. in order to contact us you can email this address sentafe@rape.lol this ID (nnUWuTLm3Y45N021 ) for the title of your email.
If you weren’t able to contact us whitin 24 hours please email:justin@cyberfear.com , magicback@onionmail.org
Check your data situation in hxxp://sdjf982lkjsdvcjlksaf2kjhlksvvnktyoiasuc92lf.onion'
The #BlackHunt_ReadMe.txt ransom note reads:
'As you can see we have penetrated your whole network due some critical network insecurities
All of your files such as documents, dbs and… Are encrypted and we have uploaded many important data from your machines,
and believe we us we know what should we collect.However you can get your files back and make sure your data is safe from leaking by contacting us using following details :
Primary email :sentafe@rape.lol
Secondary email(backup email in case we didn’t answer you in 24h) :justin@cyberfear.com , magicback@onionmail.org
Your machine Id : –
use this as the title of your email(Remember, if we don’t hear from you for a while, we will start leaking data)'