'blacklist@clock.li' Ransomware

By GoldSparrow in Ransomware

The 'blacklist@clock.li' Ransomware is an encryption ransomware Trojan first released on October 24, 2018, and it carries out a typical encryption ransomware attack. Its code seems to be a hybrid of Dharma and Crysis, two well-known encryption ransomware families. Numerous very similar variants were released in the fall of 2018, pointing to the possibility of a new partnership between criminal groups or the emergence of a new RaaS (Ransomware as a Service) platform on the Dark Web.

How the 'blacklist@clock.li' Ransomware Attack Works

The 'blacklist@clock.li' Ransomware can be installed in a variety of ways, including corrupted spam email attachments and compromised Remote Desktop connections. Once installed, it takes the victim's files hostage and demands a ransom payment to restore access to the affected files. It targets user-generated files, which may include a wide variety of media files, document types, databases, and numerous other files. The following are examples of the files that threats like the 'blacklist@clock.li' Ransomware target in these attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

Each file encrypted by the attack is renamed by appending the following pattern to the end of its name: '.id-<8 chars>.[Blacklist@clock].vanss'. A ransom note is then displayed. The 'blacklist@clock.li' Ransomware delivers its ransom note as a text file named 'FILES ENCRYPTED.txt' and an HTA file named 'Info.hta'. The ransom note text reads as follows:

'All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail: Blacklist@clock Write this ID in the title of your message <8 characters>
In case of no answer in 24 hours write us to these emails: Blacklist@clock
You have to pay for decryption in Bitcoins. The price depends on how fast you write us. After payment, we will send you the decryption tool that will decrypt all your files.'
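
The rename pattern and ransom note file names described above can be used to triage a file listing collected from an affected host. The following Python script is an added example, not part of the original article: the sample paths are constructed, `triage` is a hypothetical helper name, and treating the 8-character ID as alphanumeric is an assumption (the article only says '<8 chars>').

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Suffix appended to encrypted files, as given in the article:
#   .id-<8 chars>.[Blacklist@clock].vanss
# Assumption: the ID is 8 alphanumeric characters. Matching is
# case-insensitive so a differently-cased listing is still caught.
SUFFIX_RE = re.compile(
    r"^(?P<orig>.+)\.id-(?P<vid>[0-9A-Za-z]{8})\.\[Blacklist@clock\]\.vanss$",
    re.IGNORECASE,
)
# Ransom note file names named in the article.
NOTE_NAMES = {"files encrypted.txt", "info.hta"}

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.id-1A2B3C4D.[Blacklist@clock].vanss",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Pictures\trip.jpg.id-1A2B3C4D.[Blacklist@clock].vanss",
    r"C:\Users\alice\Desktop\FILES ENCRYPTED.txt",
    r"C:\Users\alice\Desktop\Info.hta",
    r"C:\Users\alice\Documents\report.id-123.vanss",  # wrong ID length, no tag
]

def triage(paths):
    """Split a file listing into encrypted files (grouped by ID) and notes."""
    report = {"by_id": defaultdict(list), "notes": [],
              "dirs": set(), "ext_counts": Counter()}
    for raw in paths:
        p = PureWindowsPath(raw)  # parses Windows paths on any OS
        m = SUFFIX_RE.match(p.name)
        if m:
            original = p.with_name(m.group("orig"))  # name before the rename
            report["by_id"][m.group("vid")].append(str(original))
            report["dirs"].add(str(p.parent))
            report["ext_counts"][original.suffix.lower()] += 1
        elif p.name.lower() in NOTE_NAMES:
            report["notes"].append(str(p))
    return report

if __name__ == "__main__":
    r = triage(SAMPLE)
    for vid, files in r["by_id"].items():
        print(f"ID {vid}: {len(files)} encrypted file(s)")
        for f in files:
            print("   original name:", f)
    print("Ransom notes:", r["notes"])
    print("Directories to restore from backup:", sorted(r["dirs"]))
```

The recovered original names and affected directories give the scope of what has to be restored from backup.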

Protecting Your Data from Threats Like the 'blacklist@clock.li' Ransomware

Malware researchers strongly advise computer users not to contact the criminals and to avoid following the 'blacklist@clock.li' Ransomware's instructions. Instead, they should set up preventive measures to ensure that their data is completely protected from threats like the 'blacklist@clock.li' Ransomware. The best protection against such threats is to have backup copies of your files. Backup copies should be stored in a location that the ransomware cannot reach, such as an external memory device, an unmapped drive, or the cloud (without being synchronized to the victim's computer).
