Blackoutware Ransomware Demands Payment Within Three Days


While examining recently discovered file submissions, our research team came across the Blackoutware ransomware, which is specifically designed to encrypt data and demand payment for decryption.

On our experimental system, Blackoutware successfully encrypted files, appending a ".blo" extension to their original filenames. For instance, a file named "1.jpg" became "1.jpg.blo," and "2.png" transformed into "2.png.blo." Following the encryption process, a ransom note titled "!!!WARNING!!!.txt" was deposited into the "C:\Users\[username]" directory.
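The two on-disk indicators described above (the appended ".blo" extension and the "!!!WARNING!!!.txt" note) can be swept for during triage. The following is an added example, not code from the article or its research team; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".blo"        # extension the article says is appended
NOTE_NAME = "!!!warning!!!.txt"  # ransom note name from the article, lowercased


def scan_tree(root):
    """Collect ransom notes and files matching the '<name>.<ext>.blo' pattern."""
    notes, encrypted, ambiguous = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = Path(dirpath) / name
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]
                # "1.jpg" -> "1.jpg.blo": the original extension survives the rename.
                # A bare "x.blo" has no inner extension, so it is a weaker signal.
                (encrypted if Path(original).suffix else ambiguous).append(path)
    return notes, encrypted, ambiguous


def summarize(root):
    """Return a triage verdict plus a count of affected original file types."""
    notes, encrypted, ambiguous = scan_tree(root)
    types = Counter(Path(p.name[: -len(ENCRYPTED_SUFFIX)]).suffix.lower() for p in encrypted)
    # Both indicators -> likely; only one -> suspect (investigate before concluding).
    verdict = "likely" if notes and encrypted else "suspect" if notes or encrypted else "clean"
    return {"verdict": verdict, "notes": len(notes), "encrypted": len(encrypted),
            "ambiguous": len(ambiguous), "types": dict(types)}


def build_sample_tree(root):
    """Constructed sample data: empty placeholder files, not real malware output."""
    for rel in ["!!!WARNING!!!.txt", "Pictures/1.jpg.blo", "Pictures/2.png.blo",
                "Documents/report.docx.BLO", "Documents/notes.txt", "Music/track.blo"]:
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(tmp))
```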

The ransom note conveyed that the victim's files had been encrypted, and the decryption process required a monetary payment. Refusal to comply would result in the exposure of sensitive data extracted from the device, including files, login credentials, and credit card numbers.

The ransom amount specified in the note is 5000 euros in either LTC (Litecoin) or BTC (Bitcoin) cryptocurrencies, with a 72-hour deadline for compliance. The note also cautioned against altering the encrypted files or using third-party decryption tools, as doing so could lead to irreversible data loss.

Blackoutware Demands 5000 EUR in Ransom

The complete text of the Blackoutware ransom note reads as follows:

Hello All your files are encrypted by Blackoutware.
For decryption Send 5000€ LTC or BTC to The Wallet Mentioned At the Bottom of the Text
And Email us with the Transaction ID And ID We Will Give u the Decryptor
BTC Address: bc1q265exqnphfd99a2v00yzd87mz6kjpqkylk2cv3
LTC Address: Lh9PRuQsnwJcvAJCvJ9e7iNh6nueFCnXvf
Where to Buy Crypto and Where to Store it?
ANSWER: Download exodus at hxxps://www.exodus.com/ And buy Crypto at hxxps://www.moonpay.com/

If U Dont Pay! We Will Leak all ur Sensitive Information Such as Passwords,Credit Cards,Files

Our Email: blackout@cumallover.me
Our Telegram: hxxps://t.me/BlackoutRansom

Your ID:-

This File is Stored in C:\Users[username]!!!WARNING!!!.txt
Do not delete This Text File
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
You have 72 hours to get the key.

How Can Ransomware Like Blackoutware Enter Your System?

Ransomware like Blackoutware can enter your system through various means, and it often relies on deceptive tactics. Some common methods of ransomware infiltration include:

  • Phishing Emails: Cybercriminals may send emails that appear legitimate, often with attachments or links that, when clicked, execute malicious code. These emails may mimic trusted sources, such as banks, government agencies, or reputable companies.
  • Malicious Websites: Visiting compromised or malicious websites can expose your system to ransomware. This can occur through drive-by downloads or by clicking on seemingly harmless elements on the website that actually initiate the download and execution of malicious code.
  • Infected Software Installers: Downloading software from untrusted or unofficial sources increases the risk of ransomware infection. Some attackers distribute infected versions of popular software or create fake installers that carry ransomware payloads.
  • Vulnerable Software and Operating Systems: Outdated software and operating systems with known vulnerabilities provide entry points for ransomware. Cybercriminals often exploit security weaknesses to gain unauthorized access and install malicious software.
  • Malvertising: Online advertisements containing malicious code can lead to ransomware infections. Clicking on compromised ads, even on legitimate websites, may trigger the download of malicious payloads.
  • Removable Media: Ransomware can spread through infected USB drives, external hard drives, or other removable media. Connecting these devices to your system can result in the unintentional transfer of ransomware.
  • Exploiting Remote Desktop Protocol (RDP): If remote desktop services are not adequately secured, attackers may exploit vulnerabilities to gain unauthorized access to your system and deploy ransomware.
November 27, 2023