BLACK ICE Ransomware Demands Bitcoin Ransom


BLACK ICE is ransomware: malicious software that encrypts a victim's data and demands a ransom to decrypt it. It also uses double extortion, meaning the operators steal data as well as encrypting it and threaten to publish it if the victim does not pay.

When we ran a sample of BLACK ICE on our test machine, it encrypted files and appended a ".ICE" extension to their filenames. For example, "1.jpg" became "1.jpg.ICE" and "2.png" became "2.png.ICE". Once encryption finished, the ransomware created a ransom note named "ICE_Recovery.txt".

The ransom note tells the victim that their files have been both encrypted and stolen. To begin recovering the data, the victim is instructed to contact the attackers, send them a file that meets certain criteria for a test decryption, and pay the ransom. The note does not state the amount demanded, but it does say that the ransom must be paid in Bitcoin.

The note threatens that the stolen data will be exposed if the victim chooses not to negotiate. It also warns against altering or deleting encrypted files, using third-party decryption tools, or seeking help from data recovery companies.

BLACK ICE Ransom Note Asks for Bitcoin Payment

The full text of the BLACK ICE ransom note reads as follows:

Personal ID : -
BLACK ICE

ALL YOUR IMPORTANT FILES ARE STOLEN AND ENCRYPTED!
and now have the "ICE" extension.

There is only one way to get your files back:

  1. Contact with us
  2. In subject line please write your Personal ID
  3. To prove that we can decrypt your files, send us 1 unimportant encrypted files. (up to 1 MB) and we will decrypt them for free.
  4. We accept Bitcoin

Contact us:
Black.Ice85@onionmail.org
Black.Ice85@skiff.com

Do not delete or modify encrypted files.

Any attempts to restore your files with the thrid-party software will be fatal for your files!
To recovery your data and not to allow data leakage, it is possible only through purchase of a private key from us.

Don't go to recovery companies, they are essentially just middlemen who will make money off you and cheat you.
We are well aware of cases where recovery companies tell you that the ransom price is 5 BTC but in fact they secretly negotiate with us for 1 BTC, so they earn 4 BTC from you.
If you approached us directly without intermediaries you would pay 5 times less, that is 1 BTC.
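
Added example, not part of the ransom note or the original article: a read-only triage script that uses the indicators described above (the ".ICE" suffix, the "ICE_Recovery.txt" note and its "Personal ID" line) to measure how much of a directory tree was affected and to recover original filenames for matching against backups. The function names, the sample tree and the ID value are constructed for illustration.

```python
import os
import re
import tempfile

NOTE_NAME = "ICE_Recovery.txt"   # ransom note name reported in the article
ENC_SUFFIX = ".ICE"              # suffix appended to encrypted files
ID_RE = re.compile(r"^[ \t]*Personal ID[ \t]*:[ \t]*(\S+)", re.I | re.M)

def triage(root):
    """Walk root and summarise BLACK ICE artefacts without modifying anything."""
    report = {"encrypted": [], "notes": [], "personal_ids": set(), "untouched": 0}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME.lower():
                report["notes"].append(path)
                try:
                    with open(path, "r", errors="replace") as fh:
                        text = fh.read(65536)  # notes are small; cap the read
                except OSError:
                    continue
                report["personal_ids"].update(ID_RE.findall(text))
            elif name.upper().endswith(ENC_SUFFIX) and len(name) > len(ENC_SUFFIX):
                # Pair (current path, original name) so backups can be matched.
                report["encrypted"].append((path, name[:-len(ENC_SUFFIX)]))
            else:
                report["untouched"] += 1
    return report

def build_sample_tree(root):
    """Constructed sample data: empty files named as in the article."""
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("1.jpg.ICE", "2.png.ICE", os.path.join("docs", "report.docx.ICE"),
                os.path.join("docs", "notes.txt")):
        open(os.path.join(root, rel), "w").close()
    with open(os.path.join(root, NOTE_NAME), "w") as fh:
        fh.write("Personal ID : EXAMPLE-ID-0001\nBLACK ICE\n")  # constructed ID

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), "encrypted,", result["untouched"], "untouched")
        print("note(s):", result["notes"], "IDs:", sorted(result["personal_ids"]))
```

The script only reads the tree, so it can be run against a mounted forensic image or a backup snapshot without touching the encrypted files.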

How Can Ransomware Like BLACK ICE Enter Your System?

Ransomware like BLACK ICE can enter your system through various methods, often exploiting vulnerabilities or employing social engineering tactics. Here are some common ways ransomware can infiltrate your system:

  • Phishing Emails: One of the most prevalent methods is through phishing emails. You might receive an email with a malicious attachment or a link to a compromised website. Once you interact with the attachment or link, the ransomware gets downloaded onto your system.
  • Malicious Downloads: Visiting untrustworthy websites or downloading software from unofficial sources can expose you to ransomware. Cybercriminals can disguise ransomware as legitimate software, games, or other attractive downloads.
  • Exploit Kits: Ransomware can take advantage of software vulnerabilities in your system or applications. Exploit kits are tools that cybercriminals use to find and exploit these vulnerabilities, allowing the ransomware to enter your system.
  • Drive-By Downloads: These occur when you unknowingly download malware by simply visiting a compromised website. The malware is delivered through the browser without any user interaction.
  • Malvertising: Cybercriminals can compromise legitimate online advertising networks, placing malicious ads on various websites. Clicking on these ads can lead to ransomware infections.
  • Remote Desktop Protocol (RDP) Attacks: If your RDP is not properly secured, hackers can exploit weak passwords or security flaws to gain remote access to your system and deploy ransomware.
  • Malicious Macros: Ransomware can be spread through infected documents that contain malicious macros. If you enable macros in these documents, the ransomware can be executed.
  • Watering Hole Attacks: Cybercriminals compromise websites that are frequently visited by their target audience. When users visit these websites, they inadvertently download ransomware onto their systems.
August 17, 2023