Blackout Ransomware
The Blackout Ransomware is a threat that claims to be an open source ransomware Trojan. However, the Blackout Ransomware's claims are entirely false. The Blackout Ransomware pretends to have the ability to encrypt the victims' files, disguised as software to protect computer users against ransomware, and then claims that the victim's files were encrypted by accident. The Blackout Ransomware uses various contact email address, and computer users affected by the Blackout Ransomware attack are encouraged to contact the con artists at the email addresses blackzd@derpymail.org, blackoutsupport@mai12tor.com and blackzd@xmail.net. Victims are instructed to wait 72 hours and connect to a website on the Dark Web using TOR if they have not received a response.
Table of Contents
The Threat that will Cause a Blackout of Your Files
During the transaction with the people responsible for the Blackout Ransomware attack, victims are instructed to download an executable file named blackout_decryptor.exe. The ultimate goal of all this is to get the victim to pay money in exchange for the decryption software. However, the roundabout way in which the con artists carry out the Blackout Ransomware attack to get to the point makes the Blackout Ransomware somewhat unique when compared to other ransomware Trojans.
The Blackout Ransomware is still in an unfinished version, perhaps for educational or proof of concept purposes. It also is possible that a full version of the Blackout Ransomware will be released eventually. The Blackout Ransomware does not alter the victim's files or add different extensions to identify them. However, the Blackout Ransomware does connect to its Command and Control server to establish a pirated connection to the victim's computer. The Blackout Ransomware delivers a ransom note that is contained in a text file named README_1183339_23654.txt, which is dropped on the infected computer. Below are the contents of the Blackout Ransomware's ransom note:
'Your files have been encrypted
Your personal Id:
ZiaDE*****UOY2E
LICENSE AGREEMENT
the Blackout Ransomware is a free open source software.
The program is designed to test the protection of OS Windows against ransomware.
The developer of this software is not responsible for any damage caused by the program.
The program is experimental and the entire responsibility for use lies with the user.
HOW TO USE:
To decrypt your files, you need the program blackout_decryptor.exe
If you do not have it, write to email: blackzd@derpymail.org or blackzd@xmail.net
In the letter, send your personal id and two small encrypted files for trial decryption.
If you dont get answer from blackzd@derpymail.org or blackzd@xmail.net in 72 hours,
you need to install tor browser, you can download it here:
https://www.torproject.org/download/download.html.en
After installation, open the tor browser to website:
http://mail2tor2zyjdctd.onion/register.php
Register on the site a new email address and write to us with his letter to our address:
blackoutsupport@mai12tor.com
NN:506358115267996'
How the Blackout Ransomware may Enter a Computer
The Blackout Ransomware distribution is still limited. The most common way the Blackout Ransomware may be delivered at this point is by hiding it on file sharing networks, packaging it with file downloads and fake updates. Eventually, the Blackout Ransomware also may begin to be delivered using corrupted spam email attachments, the most common way of delivering ransomware Trojans today.
Dealing with a Blackout Ransomware Infection
Since the main purpose of ransomware Trojans like the Blackout Ransomware is to infiltrate a computer and encrypt its contents, having file backups of your data is a crucial element in ensuring that your data is protected from the Blackout Ransomware and other ransomware Trojan infections. Apart from having file backups, PC security researchers also advise computer users to have a reliable, fully updated security program to ensure that the Blackout Ransomware and other threats do not infiltrate your computer, and remove them if they do. However, although security software is certainly needed today, the best way to ensure that your data is safe from the Blackout Ransomware and other ransomware Trojans is to have a backup copy available.
