
Blind Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 6,415
Threat Level: 50% (Medium)
Infected Computers: 2,021
First Seen: September 19, 2017
Last Seen: September 18, 2023
OS(es) Affected: Windows

The Blind Ransomware is an encryption ransomware Trojan. It was first observed on September 15, 2017, and is typically delivered to its victims via corrupted spam email attachments. The email messages used to deliver the Blind Ransomware tend to use social engineering techniques that make the message appear to come from a legitimate sender, such as Facebook, PayPal or Google. If the victim opens the file attachment, the attachment downloads and installs the Blind Ransomware on the victim's computer. These attachments tend to take the form of malicious Microsoft Office files with embedded macro scripts. Computer users should treat email attachments with suspicion, as they are the most common way of distributing threats like the Blind Ransomware.

A Blind Ransomware Infection and Its Effects

Like most encryption ransomware Trojans, the Blind Ransomware is designed to encrypt the victim's files with a strong encryption algorithm, making them inaccessible. The Blind Ransomware targets user-generated files, such as photos, audio and videos, while allowing Windows to continue to function. In this way, the victim's files are encrypted but the victim can still use the infected computer to pay the ransom (which would not be the case if all files, including the system files, were encrypted). Since the Blind Ransomware uses a combination of AES-256 and RSA-2048 encryption to compromise the victim's files, it may not be possible to restore the files encrypted in a Blind Ransomware attack. Once the Blind Ransomware encrypts a file, it changes the file's name to include an email address associated with the Blind Ransomware and the file extension '.blind'.

How the Con Artists Use the Blind Ransomware to Profit at Your Expense

After the victim's files have been encrypted, the victim will receive a ransom note: a message threatening the permanent loss of the affected files unless the victim makes a ransom payment. The Blind Ransomware uses an HTA file to deliver its ransom note. This file is named 'How_Decrypt_Files.hta' and will appear in the infected computer's Desktop and Documents library. The file will load in the infected computer's Web browser in a program window and will display the following message:

'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail blind@cock.li You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment, we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Your personal identification number: [1536 RANDOM CHARACTERS]'
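
A defender-side triage check, added here as an example and not taken from the original page, that walks a directory tree for the two file-name indicators described above: the 'How_Decrypt_Files.hta' note and files ending in '.blind' with an email address in the name. The page does not give the exact rename layout, so the email match and the sample file names are assumptions.

```python
import os
import re
import sys
import tempfile
from collections import Counter
from pathlib import Path

NOTE_NAME = "how_decrypt_files.hta"  # ransom note name from the page (lower-cased)
EXTENSION = ".blind"                 # appended extension from the page
# Assumption: the page does not give the exact rename layout, so any
# e-mail-like token in the name before the extension counts as a match.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def classify(name):
    """Return 'note', 'encrypted', 'ext_only' or None for one file name."""
    lower = name.lower()
    if lower == NOTE_NAME:
        return "note"
    if lower.endswith(EXTENSION):
        stem = name[:-len(EXTENSION)]
        return "encrypted" if EMAIL_RE.search(stem) else "ext_only"
    return None

def scan(root):
    """Walk root and return {directory: Counter of indicator kinds found}."""
    found = {d: Counter(filter(None, map(classify, files)))
             for d, _dirs, files in os.walk(root)}
    return {d: counts for d, counts in found.items() if counts}

def summarize(hits):
    """Collapse per-directory hits into (verdict, totals)."""
    total = sum(hits.values(), Counter())
    if total["note"] and total["encrypted"]:
        return "likely", total       # note plus renamed files: strongest signal
    if total["note"] or total["encrypted"]:
        return "suspicious", total
    return ("weak" if total["ext_only"] else "clean"), total

def demo():
    """Scan a constructed sample tree (empty files, made-up names)."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("Documents/How_Decrypt_Files.hta", "Pictures/photo.jpg",
                    "Documents/a.doc.[user@example.com].blind", "Pictures/sun.blind"):
            path = Path(tmp, rel)
            path.parent.mkdir(exist_ok=True)
            path.write_bytes(b"")
        return summarize(scan(tmp))

if __name__ == "__main__":
    print(summarize(scan(sys.argv[1])) if len(sys.argv) > 1 else demo())
```

Run it with a directory path to scan that tree, or with no argument to scan the constructed sample. A file that only carries the '.blind' extension is reported as a weak signal, since the extension alone can occur on unrelated files.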

Dealing with the Blind Ransomware

It is recommended that computer users avoid contacting the people responsible for the Blind Ransomware or paying its ransom amount. Instead, they should do whatever it takes to ensure that their data stays safe in the event of a Blind Ransomware attack. The best way to fight ransomware Trojans like the Blind Ransomware is to have file backups. Backup copies of your files take away any leverage the people responsible for the Blind Ransomware attack have to demand a ransom payment.

URLs

Blind Ransomware may call the following URLs:

.searchtheweb.today
