Black Berserk Ransomware Will Lock Your System

Our research team recently came across a new ransomware variant called Black Berserk while analyzing fresh malware samples. This particular ransomware is designed to encrypt data on infected systems and demands a ransom for the decryption key.

During our testing, we observed that Black Berserk encrypts files and appends the ".Black" extension to their original filenames. For instance, a file originally named "1.jpg" would be transformed into "1.jpg.Black," and "2.png" would become "2.png.Black," and so on. Subsequently, the ransomware generates a ransom note named "Black_Recover.txt."
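
The two file-system indicators described above (the appended ".Black" extension and the "Black_Recover.txt" note) can be used to scope which directories on a host or share were hit. The following script is an added example, not code from the original analysis; the function names and the case-insensitive matching are assumptions, and the sample tree is constructed from empty placeholder files.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_SUFFIX = ".Black"          # extension appended, per the article
RANSOM_NOTE = "Black_Recover.txt"    # ransom note filename, per the article


def scan_tree(root):
    """Walk root and return per-directory indicators of Black Berserk activity."""
    findings = defaultdict(lambda: {"encrypted": [], "note": False, "first_mtime": None})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE.lower():
                findings[dirpath]["note"] = True
            elif name.lower().endswith(ENCRYPTED_SUFFIX.lower()) and len(name) > len(ENCRYPTED_SUFFIX):
                entry = findings[dirpath]
                entry["encrypted"].append(name[: -len(ENCRYPTED_SUFFIX)])  # original name
                try:
                    mtime = os.path.getmtime(path)
                except OSError:
                    continue  # file vanished or unreadable; it is still counted
                if entry["first_mtime"] is None or mtime < entry["first_mtime"]:
                    entry["first_mtime"] = mtime  # earliest write helps build a timeline
    return dict(findings)


def summarize(findings):
    """Return (dirs_hit, files_hit, dirs_with_note) for quick scoping."""
    dirs_hit = sum(1 for f in findings.values() if f["encrypted"])
    files_hit = sum(len(f["encrypted"]) for f in findings.values())
    notes = sum(1 for f in findings.values() if f["note"])
    return dirs_hit, files_hit, notes


def build_sample(root):
    """Constructed sample tree: empty placeholder files, not real samples."""
    for rel in ("docs/1.jpg.Black", "docs/2.png.Black", "docs/Black_Recover.txt",
                "clean/report.pdf", "clean/Black.txt"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(summarize(scan_tree(tmp)))
```

Run it read-only against a mounted image or backup copy rather than the live volume, so file timestamps on the affected system are preserved.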

In the ransom note, the attackers urge the victim to establish contact with them. They emphasize that the encrypted files have become inaccessible due to the encryption process, and the attackers have also exfiltrated all the data.

To test the possibility of decryption before making any payment, the victim is given an option to send two encrypted files to the cybercriminals. However, these files should not contain important information and should not exceed 1MB in size. The note warns against deleting or altering any of the encrypted files. Furthermore, seeking decryption assistance from third-party sources is cautioned against, as it may lead to additional financial losses.

Black Berserk Ransom Note Mentions no Ransom Sum

The full text of the Black Berserk ransom note reads as follows:

Your ID : -

In subject line please write your personal ID

Contact us:
Black.Berserk@onionmail.org
Black.Berserk@skiff.com

ATTENTION!

All files have been stolen and encrypted by us and now have Black suffix.

What about guarantees?

To prove that we can decrypt your files, send us two unimportant encrypted files.(up to 1 MB) and we will decrypt them for free.

+Do not delete or modify encrypted files.
+Decryption of your files with the help of third parties may cause increased price(they add their fee to our).

How Can Ransomware Infect Your System?

Ransomware can infect your system through various methods, each exploiting different vulnerabilities to gain unauthorized access and encrypt your files. Here are some common ways ransomware can infect your system:

Phishing Emails: Phishing emails are one of the most common delivery methods for ransomware. Attackers send seemingly legitimate emails that contain malicious attachments or links. Clicking on these links or opening infected attachments can trigger the ransomware download and execution.

Malicious Websites: Visiting compromised or malicious websites can lead to drive-by downloads, where ransomware is automatically downloaded and executed on your system without any interaction from you.

Malvertising: Cybercriminals may use malicious advertisements (malvertising) on legitimate websites to distribute ransomware. Clicking on an infected ad can redirect you to a site that downloads the ransomware onto your device.

Exploit Kits: Exploit kits are malicious toolkits used to identify vulnerabilities in software. If your system runs outdated software or has unpatched security flaws, an exploit kit can use these weaknesses to deliver ransomware.

Remote Desktop Protocol (RDP) Attacks: If you have remote desktop services enabled on your system and use weak passwords or outdated protocols, attackers can exploit RDP vulnerabilities to gain access and deploy ransomware.

July 31, 2023