Blackout Ransomware–Threat In Detail
Blackout is a new crypto-malware Ransomware virus that encrypts the file, important documents, videos and images found on the target PC. This ransomware is written in open-source ransomware code that encrypt the files and demands the payment to decrypt the files back. After the encryption is been done, Blackout Ransomware appends “.Blackout” as the extension to the encrypted files. As the pattern of Ransomware, this one also leaves a ransom note “README_1183339_23654.txt ” for its victims that contains the ransom note and instructions on how to pay the ransom.
|Description||Blackout Ransomware encrypts files, videos, images and texts stored on the target PC and demand a ransom amount from users to decode the files.|
|Occurrence||spam mail attachments., exploit kits, malicious links and java script codes..|
|Possible Symptoms||The ransom note can be seen on desktop and other file directories and files could not be accessible.|
|Detection Tool||Download the Detection tool– To confirm attack of Blackout Ransomware virus on your computer.|
Blackout Ransomware is distributed via email spam attachments which might be in the form of a RAR, ZIP and un-archived DOCX-files that containing malicious macro. Many cyber-criminals uses spam techniques to trick users by heading the mail as any invoice or shipment. Other sources might include visiting infected websites containing java script codes, media file sharing on social networking sites, exploit kits and spam bots. As you open the document or click the link, the payloads of Blackout Ransomware gets downloaded on the system and installed without any user’s permission.
More about Blackout Ransomware
Blackout Ransomware may attack any sort of window’s OS like Vista, Windows 7, Win 8 and Win 10. Once installed, this Ransomware uses strong encryption algorithm combination of RSA-2048 key and AES CBC 256-bit. This means files are locked with public and private key. Thus users are left with no option except to pay the ransom and get their fiels back.
Blackout Ransomware may drop malicious payloads and entries in the windows’s registry to auto-launch its program.
It searches for various important files like Documents, PDF, photos, music, videos, databases, etc to encrypt them. After encrypting the files, the ransomware changes the desktop wallpaper to ransom note:
Along with that, Blackout Ransomware also leaves a ransom note detailed with how to contact them and decrypt files.
The ransom Note says:
Your files have been encrypted ransomware!
Your personal Id:
Blackout ransomware is a free open source software.
The program is designed to test the protection of OS Windows against ransomware.
The developer of this software is not responsible for any damage caused by the program.
The program is experimental and the entire responsibility for use lies with the user.
HOW TO USE:
To decrypt your files, you need the program blackout_decryptor.exe
If you do not have it, write to email: email@example.com or firstname.lastname@example.org
In the letter, send your personal id and two small encrypted files for trial decryption.
If you dont get answer from email@example.com or firstname.lastname@example.org in 72 hours,
you need to install tor browser, you can download it here:
After installation, open the tor browser to website:
Register on the site a new email address and write to us with his letter to our address:
Blackout cryptovirus encrypts file using AES encryption method and displays the above note and asks user to contact with the following email address:
This ransomware deletes the shadow volume copies of the data encrypted of the attacked windows system by executing “vssadmin.exe delete shadows /all /Quiet” command.