BlackFeather Ransomware
Posted: September 17, 2016
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 75 |
| First Seen: | September 17, 2016 |
|---|---|
| OS(es) Affected: | Windows |
The Black Feather Ransomware is a Trojan that encrypts your files and then delivers a text message asking for a ransom for the decryption solution. Since malware experts can verify that the Black Feather Ransomware takes no steps to preserve the essential decryption data, you should ignore requests for payment and use other methods of data restoration. Whether or not your files are recoverable, use appropriate anti-malware products for uninstalling the Black Feather Ransomware and stopping any possibility of subsequent attacks.
A Drifting Feather from an Open-Source Problem
Coding your software independently is often the most secure way to design any program, including threatening ones. However, there are clear shifts in the threat industry towards using 'templates' based on older works to create new ones, with con artists seemingly valuing their time over their products' security. The Black Feather Ransomware is a new example of a derivative threat and owes most of its code to Utku Sen's Hidden Tear.
The Black Feather Ransomware may use distribution means such as e-mail attachments, with its Trojan droppers disguising themselves as being Adobe PDF documents. Launching the 'document' generates a generic error that implies that the contents have been damaged, but also, secretly, installs the Black Feather Ransomware. As par for the course with threats of this category, the Black Feather Ransomware shows no symptoms while it encrypts your files, blocking them with an AES-based cipher.
However, the Black Feather Ransomware does load its ransom message automatically afterward. The text claims that making a 0.3 Bitcoin payment (approximately 180 USD) will provide a decryption solution that restores your files to normal. Malware experts were able to verify that the Black Feather Ransomware doesn't save the decryption key required for decrypting your data or transfer it to a server for con artists to deliver back to the victim. As a result, and despite its instructions, the Black Feather Ransomware has no built-in decryption method.
Sending a Trojan Flying from Your Files
It's not unusual for data encrypting Trojans to include misleading or false information in their extortion messages, such as exaggerating the strength of their encryption algorithms. Recurring cases like the Black Feather Ransomware make the point that paying a con artists money in return for hoping that they'll restore your data is, at best, a highly risky proposition. PC users without other options, such as using backups for restoring their content, should ask for help in the PC security sector. Many families of Trojans of the Black Feather Ransomware's category do have decryptors available to the general public at no charge.
You can identify Black Feather Ransomware infections by the extensions it appends to its encrypted files ('.blackfeather') along with the previously-mentioned ransom text. Using your anti-malware products to detect harmful installers or remove the Black Feather Ransomware before its encryption attack completes itself can provide protection for PC users who feel the need to open PDF documents from unusual sources. Readers should remain cautious of fake invoices, failed delivery notifications and other disguises that are typical for many ransom-based threat campaigns.
The Black Feather Ransomware is also a particularly obvious example of why a victim should consider paying a ransom, if at all, only as a last resort: giving this Trojan's authors your money will put you no closer to saving your files than it would if you had stuffed your wallet into a crow's beak.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.