'.black007 File Extension' Ransomware

Posted: July 24, 2018

The '.black007 File Extension' Ransomware is a variant of the Jigsaw Ransomware, a Trojan that locks your files, displays a ransoming-themed pop-up and deletes additional files on a timer. Victims of this Trojan or other members of its family should respond promptly and avoid restarting their computers without taking steps suitable for disabling all threats. Different anti-malware programs can uninstall the '.black007 File Extension' Ransomware from your computer while traditional backups or free decryption tools recover your files.

A Puzzling Trojan Goes Black

The Jigsaw Ransomware's family of Trojans that both encrypt and erase file data is showing another variant in deployment by an unknown threat actor. This build of the Jigsaw Ransomware, the '.black007 File Extension' Ransomware, has almost no changes from the original version of the file-locker Trojan but does edit some of the cosmetic details. Malware experts also suspect changes to the ransom-paying addresses, although not necessarily an improvement in the reliability of 'purchasing' its decryption feature.

The '.black007 File Extension' Ransomware is Windows software that uses an asymptomatic AES encryption routine for locking different media formats, such as documents, pictures, spreadsheets or archives. As per its name, the '.black007 File Extension' Ransomware adds the '.black007' extension to the name of every file that it encrypts, which is this threat's only significant change from the main Jigsaw Ransomware build. The Trojan loads its HTA pop-up window after it finishes blocking all data, excluding program executables and Windows components.

The ransoming pop-up displays a scrolling text message with imagery themed from the Saw movie franchise, along with general ransoming instructions for its decryption feature and accompanying input fields for paying. Because the '.black007 File Extension' Ransomware is a nearly complete clone of the original Jigsaw Ransomware, malware experts estimate that the previous decryption software that's open to the public for no charge should be just as compatible with this version of the program. Although paying the ransom should be avoided, users may wish to monitor the timer, which indicates when the '.black007 File Extension' Ransomware will begin deleting batches of their encrypted files.

Turning the Lights on after a Trojan's Cinematic Blackout

Besides locking the user's files immediately, the '.black007 File Extension' Ransomware also represents two additional dangers, like other versions of the Jigsaw Ransomware family:

  • The '.black007 File Extension' Ransomware deletes multiple files whenever the timer displayed on its pop-up window reaches zero, after which the countdown restarts.
  • The '.black007 File Extension' Ransomware also deletes files upon starting up, which it does automatically during the Windows reboot process.

Since these risks can destroy significant quantities of data quickly, any victims should take immediate countermeasures, such as booting their PCs through USB drives that don't use the default Windows Registry and using Safe Mode for the additional protection against auto-launching threats. Such steps are also appropriate for other Jigsaw Ransomware updates, such as the Pennywise Ransomware, the Invisible Empire Ransomware, the Jokers House Ransomware and the Ramsey Ransomware. Almost all major AV vendors' products are identifying and deleting the '.black007 File Extension' Ransomware, like every other version of Jigsaw Ransomware, immediately.
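Once the affected disk is reachable from a clean environment, an inventory of the files carrying the '.black007' extension shows what needs decrypting or restoring from backup. The script below is an added example, not code from this page or from any vendor; it assumes the volume is mounted read-only, and the function name `inventory` is hypothetical.

```python
import os
import sys
from collections import Counter
from pathlib import Path

MARKER = ".black007"  # extension the page says is appended to every locked file


def inventory(root, marker=MARKER):
    """Return (entries, by_type) for files under root whose names end in marker.

    entries: sorted list of (encrypted_path, original_name, size_bytes)
    by_type: Counter of the original extensions (lower-cased)
    The walk only reads metadata; it never opens or modifies a file.
    """
    entries, by_type = [], Counter()
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            # Windows names are case-insensitive, so compare in lower case.
            if not name.lower().endswith(marker):
                continue
            original = name[: -len(marker)]
            if not original:
                continue  # a file named exactly ".black007" has no original name
            path = Path(dirpath) / name
            if path.is_symlink():
                continue  # do not follow links out of the mounted volume
            try:
                size = path.stat().st_size
            except OSError:
                continue  # unreadable entry: skip rather than abort the scan
            entries.append((str(path), original, size))
            by_type[Path(original).suffix.lower() or "(none)"] += 1
    entries.sort()
    return entries, by_type


if __name__ == "__main__":
    # Usage: python inventory.py <mount point of the affected volume>
    found, kinds = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    total = sum(size for _path, _orig, size in found)
    print(f"{len(found)} locked files, {total} bytes")
    for ext, count in kinds.most_common():
        print(f"  {ext}: {count}")
    for path, original, _size in found:
        print(f"{path} -> {original}")
```

The resulting list can be compared against the most recent backup to see which files still need recovery.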

Criminals continuing to make fruitful variants of the file-deleting Trojan is a phenomenon that's unlikely to die out this year. With as little work as it took to make it, the '.black007 File Extension' Ransomware represents the fact that a threat actor can destroy in minutes, or even seconds, what took weeks, months, or years for an employee or hobbyist at a keyboard to create.