Black Blight Ransomware is More of a Joke Than a Threat
A new piece of malware has been spotted in the wild and given the name Black Blight ransomware. The word 'ransomware' in this case is not really deserved, as Black Blight is more of a scam and looks like a script kiddie's first attempt at using malicious tools.
Unlike nearly every other strain of ransomware out there, Black Blight does not actually encrypt files, even though its ransom note claims that AES-256 encryption was used.
What Black Blight really does is simply rename files, sticking the letter "x" before the original extension. This means a file originally named "document.txt" will transform into "document.xtxt". This will still make the file impossible to open just by double-clicking it, but it does not mean that the contents were encrypted.
As can be expected from a threat actor who thinks a file renamer tool can pass for ransomware, the ransomware operator uses Discord for contacting their victims.
The ransom note of the Black Blight ransomware reads as follows:
$$$ BRIGHT BLACK RANSOMWARE $$$
WHAT HAPPEND? ALL YOUR FILES GOT ENCRYPTED USING AES-256!
HOW TO DECRYPT THEM? IT'S SIMPLE WRITE TO ME ON DISCORD brightblack#6937!
DISCALMER: IF YOU TRY TO DECRYPT THEM USING OTHER SOFTWARE YOU CAN LOST THEM FORVER!!!
If you happen to be among those affected by the Black Blight ransomware wannabe, simply rename all your files, removing the "x" from the start of the extension string, to make them completely readable again.
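For more than a handful of files, the rename can be scripted. The following is an added example, not code from the original article: it strips the leading "x" only when the result is a recognised extension, so genuine extensions such as .xml or .xlsx are left alone, and it never overwrites an existing file. The KNOWN_EXTS allow-list and all function names are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumed allow-list of extensions expected on the affected machine; extend as needed.
KNOWN_EXTS = {".txt", ".doc", ".docx", ".xls", ".xlsx", ".xml", ".pdf", ".jpg", ".png", ".zip"}

def restored_name(path, known=KNOWN_EXTS):
    """Return the original path for a renamed file, or None if it should be left alone."""
    path = Path(path)
    ext = path.suffix.lower()
    if not ext.startswith(".x") or ext in known:
        return None            # untouched file, or a genuine extension such as .xml
    original_ext = "." + path.suffix[2:]
    if original_ext.lower() not in known:
        return None            # stripping the "x" gives nothing recognisable
    return path.with_suffix(original_ext)

def plan_restores(root, known=KNOWN_EXTS):
    """Walk root and return (renamed, original) pairs that are safe to apply."""
    plan = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            src = Path(dirpath) / name
            dst = restored_name(src, known)
            if dst is not None and not dst.exists():   # never overwrite an existing file
                plan.append((src, dst))
    return plan

def apply_restores(plan):
    """Perform the renames; file contents are never modified."""
    for src, dst in plan:
        src.rename(dst)
    return len(plan)

def demo():
    """Constructed sample tree showing which names are restored and which are skipped."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ["document.xtxt", "budget.xxlsx", "config.xml", "photo.xjpg", "photo.jpg"]:
            (root / name).write_text("constructed sample content")
        apply_restores(plan_restores(root))
        return sorted(p.name for p in root.iterdir())

if __name__ == "__main__":
    print(demo())
```

Review the list returned by plan_restores before calling apply_restores; files skipped because of a name collision (photo.xjpg in the sample) need to be resolved by hand.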