BlackRose Ransomware

BlackRose Ransomware Description

The BlackRose Ransomware is a Trojan that encrypts the victims' files and keeps them locked in order to demand the payment of a ransom. The BlackRose Ransomware receives this name because of the email address used to contact its victims, 'black-rose(at)outlook.co.th.' Like most ransomware Trojans, the BlackRose Ransomware encrypts the victim's files using a strong encryption method. The BlackRose Ransomware demands the payment of 1 Bitcoin (approximately $1200 USD at the current exchange rate) to provide the decryption key necessary to recover the affected files. PC security researchers strongly advise computer users to refrain from paying the BlackRose Ransomware ransom, since there is no assurance that the people responsible for the BlackRose Ransomware attack will keep their promise and help computer users recover their files. Furthermore, paying the BlackRose Ransomware ransom allows these people to continue financing their attacks. The BlackRose Ransomware is based on the HiddenTear ransomware engine, an open-source ransomware platform that has spawned countless ransomware variants since its original release in 2015.

The Rose that Brings Prejudice

The BlackRose Ransomware is designed to attack computer users located in English-speaking countries, through a social engineering tactic that targets these computer users (although there is nothing preventing the BlackRose Ransomware from being installed on computers located in other regions). The BlackRose Ransomware is installed through a fake PDF file that uses a double extension to hide the true nature of the file, which is really an executable file designed to install the BlackRose Ransomware on the victim's computer. The BlackRose Ransomware scans the infected computer, searching for certain file types, and then encrypts them using a strong encryption method. Among the numerous file types the BlackRose Ransomware targets in its attacks, it will encrypt the following file types:

.3GP, .7Z, .APK, .AVI, .BMP, .CSV, .DB, .DBF, .DOCM, .DOC, .EPUB, .DOCX, .FLV, .GIF, .ISO, .IBOOKS, .JPEG, .JPG, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .TIFF, .TIF, .TXT, .WMV, .XLS, .XLSX, .XPS, .XML, .ZIP, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE.

The files encrypted in the attack will have a new file extension added to the end of the file name. The BlackRose Ransomware has been reported to use different file extensions in its attack, including the following:

  • .ranranranran
  • .okokokokok
  • .loveyouisrael
  • .whatthefuck

After encrypting the victim's files, the BlackRose Ransomware delivers its ransom note in the form of a text file named 'READ_IT_FOR_GET_YOUR_FILE.txt.' The text of the BlackRose Ransomware ransom note reads as follows:

'Files has been encrypted
Send me some 1 bitcoins or more to Address BITCOIN :
3Q2hTDPt1LMAAgQsNQAPJQxb9ZiwADYaFM
After Payment bitcoin please send your Address Bitcoin Payment to me at
black-rose@outlook.co.th
I will give File Decryptor for you in 24HR...'
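
The file-name indicators described above (the double-extension lure, the appended extensions and the ransom note name) can be checked on a file share or backup set before restoring from it. The following Python sketch is an added example, not part of the original write-up or of any vendor tool; the lists of document-looking and executable extensions used for the double-extension check are assumptions, since the page only mentions a fake PDF.

```python
import os

# Indicators taken from this page: appended extensions and ransom note name.
APPENDED_EXTS = {".ranranranran", ".okokokokok", ".loveyouisrael", ".whatthefuck"}
RANSOM_NOTE = "read_it_for_get_your_file.txt"
# Assumption (not from the page): which extension pairs count as a
# document-looking name that is really an executable.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def classify(name):
    """Return a finding label for one file name, or None if nothing matches."""
    lower = name.strip().lower()
    if lower == RANSOM_NOTE:
        return "ransom_note"
    # Every dot-separated component after the first is treated as an extension.
    exts = ["." + part for part in lower.split(".")[1:]]
    if not exts:
        return None
    if exts[-1] in APPENDED_EXTS:
        return "encrypted_file"
    if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DOCUMENT_EXTS:
        return "double_extension_lure"
    return None


def scan(root):
    """Walk root and group matching paths by finding label."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            label = classify(name)
            if label:
                findings.setdefault(label, []).append(os.path.join(dirpath, name))
    return findings


if __name__ == "__main__":
    # Constructed sample names, not taken from a real incident.
    for sample in ["Invoice.pdf.exe", "budget.xlsx.okokokokok",
                   "READ_IT_FOR_GET_YOUR_FILE.txt", "notes.pdf"]:
        print(sample, "->", classify(sample))
```

A match on file names alone is only a triage signal: HiddenTear-based variants change their appended extension often, so an empty result does not show that a system is clean.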

Protecting Your Computer from the BlackRose Ransomware

Most ransomware Trojans like the BlackRose Ransomware follow a similar attack strategy. Luckily, computer users can protect their machines and wallets against these attacks by having file backups. If computer users have backup copies of all files, then this nullifies the BlackRose Ransomware attack completely. The con artists can no longer demand payment of a ransom from the victims, since the affected computer users can simply restore the affected files from the backup copies. PC security researchers strongly advise computer users to establish file backups on the cloud, on an external memory device or using disk imaging software. File backups mean that there is no need to pay the BlackRose Ransomware ransom, which is not recommended under any circumstance. Apart from having file backups, you should have a reliable security program that is fully up-to-date, both to remove the BlackRose Ransomware infection itself and to intercept it before it is installed on your computer. This, combined with caution when handling any unsolicited email messages or files downloaded from the Web, can help computer users prevent infections by the BlackRose Ransomware and other, similar ransomware Trojans.
