Threat Database Ransomware Blackware Ransomware

Blackware Ransomware

By GoldSparrow in Ransomware

The Blackware Ransomware is a lock screen Trojan that pretends to be a file encryption Trojan. These threats, known as ransomware, are designed to take the victim's computers hostage to demand a ransom payment for the return of the victim's data. There are various ransomware Trojans types. The most threatening of these uses a strong encryption algorithm to make the victim's files inaccessible, by encrypting the user-generated files, which may include files with the following extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

Usually, it is not possible to recover the data encrypted by these attacks, making them highly threatening. Because of this, many threats will pretend to carry out these attacks without being capable of encrypting victims' files. The Blackware Ransomware belongs to this category of threats. It uses system commands to lock the computer users, preventing them from accessing their data and displays a lock screen on the infected computer. The Blackware Ransomware also will prevent the victim from launching the Windows utilities that would normally be used to recover, such as the Windows Task Manager or the Registry Editor. However, despite its claims, the Blackware Ransomware is not capable of encrypting the victims' data, making a recovery from the Blackware Ransomware more achievable than with actual encryption ransomware Trojans.

The Blackware Ransomware's Lock Screen and Ransom Demand

The Blackware Ransomware displays a lock screen that claims that the victim's data was encrypted and demands a ransom payment, much in the same way as actual encryption ransomware Trojans. The full text of the Blackware Ransomware lock screen reads:

'Your computer has been locked!
Attention user!
Your computer has been locked by the Blackware Ransomware Version 1.o!
In order to regaint al lyour valuable data, users must pay 0.057 dollarrs worth of Bitcoin to the Bitcoin address below to receive your clearance key to unlock your computer.
Instructions on bitcoin payment:
1. Read tutorials online how to pay Bitcoin e.g. Wikipedia.
2. Purchase a Bitcoin wallet and 0.057 dollars worth of Bitcoin.
3. Wait confirmation for the security clearance key.
Bitcoin Address: [random characters]
[I have payed now give me back my computer|BUTTON]'

Computer users should ignore the Blackware Ransomware ransom message and refrain from paying any ransom associated with the Blackware Ransomware attack.

Recovering from the Blackware Ransomware Attack

Fortunately, the Blackware Ransomware's unlock code is embedded within the Blackware Ransomware itself. Computer users can disable the Blackware Ransomware lock screen by entering the following password:


By using a dedicated security program, one can remove the Blackware Ransomware and perform a thorough full scan of the affected computer to ensure that no other malware has managed to infect it along with the Blackware Ransomware threat.


Most Viewed