Blend Ransomware

The Blend Ransomware is a newly uncovered variant of the infamous Dharma Ransomware. Most cyber crooks distributing ransomware threats tend to borrow the code of existing data-encrypting Trojans and alter it ever so slightly to fit their needs. This saves them time and effort compared to building a whole new file-locking Trojan from scratch.

Propagation and Encryption

It is likely that the Blend Ransomware was distributed via macro-laced emails. These emails carry a bogus message whose goal is to trick users into executing the attached file. If a user opens the attachment, the system is compromised by the threat. Malvertising, fake pirated software and media, and bogus application updates are among the other popular infection vectors often used to spread ransomware threats.

After the Blend Ransomware successfully compromises a system, it scans the data present on it. Next, it triggers an encryption process that locks all the files. All newly locked files are renamed, as the Blend Ransomware appends a '.id-.[helips@protonmail.com].blend' extension. This means that a file originally named 'green-clover.jpeg' will be renamed to 'green-clover.jpeg.id-.[helips@protonmail.com].blend' once the encryption process has completed.

The Ransom Note

In the next step of the attack, the Blend Ransomware drops a ransom note on the victim's desktop. The name of the note is 'RETURN FILES.txt'. Many ransomware authors name the file carrying the ransom message in all caps in an attempt to attract the user's attention. There is not much information in the Blend Ransomware's ransom note. The attackers do not state what the ransom fee is. It is likely that users will receive further information once they get in touch with the creators of the Blend Ransomware. The authors of the Blend Ransomware have provided an email address where they can be contacted: 'helips@protonmail.com'.
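The renaming pattern and ransom note name described above can be turned into a quick triage pass over a file listing exported from a suspect Windows host. This is an added example, not code from the original article; the function name `triage`, the sample paths, and the tolerance for a token in the id field are assumptions.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Suffix as printed in the article: '.id-.[helips@protonmail.com].blend'.
# Assumption: the id field (empty in the article) may hold a token, so any
# run of non-dot characters, including none, is accepted there.
BLEND_SUFFIX = re.compile(
    r"\.id-(?P<victim_id>[^.]*)\.\[helips@protonmail\.com\]\.blend$",
    re.IGNORECASE,
)
RANSOM_NOTE = "RETURN FILES.txt"  # note name given in the article

# Constructed sample listing (not real victim data).
SAMPLE_LISTING = [
    r"C:\Users\alice\Pictures\green-clover.jpeg.id-.[helips@protonmail.com].blend",
    r"C:\Users\alice\Documents\budget.xlsx.id-1A2B3C4D.[helips@protonmail.com].blend",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Desktop\RETURN FILES.txt",
    # A Blender project file: matching on a bare '.blend' would flag it wrongly.
    r"C:\Users\alice\Documents\scene.blend",
]

def triage(paths):
    """Split a Windows file listing into renamed files and ransom notes."""
    encrypted, notes, per_dir = [], [], Counter()
    for raw in paths:
        p = PureWindowsPath(raw)
        m = BLEND_SUFFIX.search(p.name)
        if m:
            encrypted.append({
                "path": raw,
                "original_name": p.name[:m.start()],  # name before renaming
                "victim_id": m.group("victim_id"),
            })
            per_dir[str(p.parent)] += 1
        elif p.name.lower() == RANSOM_NOTE.lower():
            notes.append(raw)
    return {"encrypted": encrypted, "ransom_notes": notes,
            "dirs": per_dir.most_common()}

if __name__ == "__main__":
    report = triage(SAMPLE_LISTING)
    for hit in report["encrypted"]:
        print(f"{hit['path']} -> was {hit['original_name']}")
    print("ransom notes:", report["ransom_notes"])
    print("affected directories:", report["dirs"])
```

The per-directory counts help scope which folders need restoring from backup.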

Contacting cybercriminals is not safe. Even if they promise to provide you with a decryption key, do not trust them. The majority of users who pay up are left empty-handed when the attackers fail to keep their word and provide them with a decryption tool. This is why it is worth investing in a reputable anti-malware application that will not only remove the Blend Ransomware from your computer swiftly and safely but will also make sure you do not end up in the same situation in the future.
