BlackHat Ransomware
Posted: September 18, 2017
Threat Metric
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 12 |
| First Seen | September 18, 2017 |
| OS(es) Affected | Windows |
The BlackHat Ransomware is a variant of Hidden Tear, an open-source ransomware Trojan that encrypts the user's files and holds them for ransom. The build seen so far is buggy and may not complete its attack, but minor updates could make it fully functional and leave users unable to open files such as pictures or text documents. If you find this threat on a PC, disconnect any network connections it could use to reach its external servers, let an anti-malware program remove the BlackHat Ransomware, and then restore any affected files from backups.
Well-Aged Trojans Putting on Fresh Hats
Hidden Tear keeps being reworked, upgraded and downgraded by different groups of developers, not all of them equally skilled at programming. In the best case, these third-party edits produce something less than functional, like the samples of the MoWare H.F.D Ransomware that malware experts analyzed previously. Work on this Hidden Tear variant has not stopped, however, and the Trojan is now detectable under new names: Blackbat or the BlackHat Ransomware.
The BlackHat Ransomware retains most of the MoWare H.F.D Ransomware's bugs, including runtime errors that can stop its payload from doing what its threat actors intend. A build with these glitches fixed could encrypt files such as movies, documents, spreadsheets and other media with a XOR-based routine, leaving them unreadable. Meanwhile, the Trojan launches the same ransom pop-up as the MoWare H.F.D Ransomware: an interactive Web page with a live countdown timer and instructions for transferring Bitcoins to a wallet to 'buy' the decryptor.
The BlackHat Ransomware also still appears to use the old '.H_F_D_locked' extension to mark encrypted files for the user. Malware experts put the ransom the decryptor's note asks for at roughly 200 USD in Bitcoins, but victims should keep to free recovery methods wherever possible. As a buggy Hidden Tear build, the BlackHat Ransomware may not delete local backups, but backups kept off the infected machine are always the more reliable protection against hostile encryption.
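An added illustration of what "free recovery methods" can look like against a file-encrypting Trojan of this kind; this is not the Trojan's code and not a decryptor for any real sample. The page describes the encryption only as XOR-based and reports the '.H_F_D_locked' extension, so the script assumes, and labels, a repeating-key XOR: one locked file for which the victim still has a clean copy (a backup, an e-mail attachment) yields the keystream, the keystream's period gives the key, and every other locked file is decrypted and only written back if its header bytes look right for its original extension. The key, file contents and magic-byte table are constructed for the demo.

```python
"""Known-plaintext triage for *.H_F_D_locked files (added example, not the Trojan's code).

Assumption: the encryption is a repeating-key XOR, as the page's 'XOR-based'
description suggests; the real key length and layout are not documented here.
"""
import tempfile
from pathlib import Path
from typing import Optional, Tuple

LOCKED_EXT = ".H_F_D_locked"   # extension the page reports for encrypted files

# Constructed table of header bytes used to sanity-check a decryption attempt.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",
}


def xor_stream(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts (toy stand-in)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def keystream_from_pair(ciphertext: bytes, plaintext: bytes) -> bytes:
    """XOR of ciphertext with its known plaintext exposes the keystream bytes."""
    n = min(len(ciphertext), len(plaintext))
    return bytes(c ^ p for c, p in zip(ciphertext[:n], plaintext[:n]))


def find_period(stream: bytes, max_period: int = 64) -> Optional[int]:
    """Smallest p such that stream[i] == stream[i % p]; needs at least 2p bytes of evidence."""
    for p in range(1, max_period + 1):
        if 2 * p > len(stream):
            return None            # known plaintext too short to trust any period
        if all(stream[i] == stream[i % p] for i in range(len(stream))):
            return p
    return None


def original_name(locked: Path) -> Path:
    """'photo.png.H_F_D_locked' -> 'photo.png'."""
    if not locked.name.endswith(LOCKED_EXT):
        raise ValueError(f"not a locked file: {locked.name}")
    return locked.with_name(locked.name[: -len(LOCKED_EXT)])


def plausible(data: bytes, ext: str) -> bool:
    """Accept a decryption only if the header matches the original extension."""
    ext = ext.lower()
    if ext == ".txt":
        try:
            data.decode("utf-8")
            return True
        except UnicodeDecodeError:
            return False
    magic = MAGIC.get(ext)
    return magic is not None and data.startswith(magic)


def recover_key(locked_path: Path, clean_copy: Path) -> bytes:
    stream = keystream_from_pair(locked_path.read_bytes(), clean_copy.read_bytes())
    period = find_period(stream)
    if period is None:
        raise ValueError("keystream does not repeat within the known plaintext; need a longer clean copy")
    return stream[:period]


def decrypt_locked(locked_path: Path, key: bytes) -> Tuple[Path, bool]:
    """Write the decrypted file beside the locked one only if it validates."""
    out = original_name(locked_path)
    data = xor_stream(locked_path.read_bytes(), key)
    ok = plausible(data, out.suffix)
    if ok:
        out.write_bytes(data)
    return out, ok


def demo(workdir: Path) -> dict:
    """Constructed scenario: two files encrypted with a made-up 7-byte key."""
    key = b"\x13\x37\xc0\xde\xba\xbe\x07"          # constructed; no real sample's key
    photo = b"\x89PNG\r\n\x1a\n" + bytes(range(200))
    report = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n" + b"1 0 obj\n" * 10
    clean = workdir / "backup" / "photo.png"        # the victim's surviving clean copy
    clean.parent.mkdir(parents=True, exist_ok=True)
    clean.write_bytes(photo)
    locked_photo = workdir / ("photo.png" + LOCKED_EXT)
    locked_photo.write_bytes(xor_stream(photo, key))
    locked_report = workdir / ("report.pdf" + LOCKED_EXT)
    locked_report.write_bytes(xor_stream(report, key))

    recovered = recover_key(locked_photo, clean)    # one clean/locked pair gives the key
    out, ok = decrypt_locked(locked_report, recovered)
    return {"key_len": len(recovered), "report_ok": ok,
            "report_head": out.read_bytes()[:8] if ok else b""}


def run_demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        return demo(Path(tmp))


if __name__ == "__main__":
    print(run_demo())
```

The validation step matters more than the XOR itself: if the sample's routine is not a plain repeating-key XOR, `find_period` returns None or the decrypted header fails the magic check, and nothing is overwritten. Work on copies of the locked files in any case.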
Depriving Trojans of Their Hat Tricks
Although the BlackHat Ransomware remains roughly as buggy as its recent ancestor, building on a widely reused code base like Hidden Tear means little extra work is needed to turn it into a real danger to any PC user's files. Minor updates could patch this Trojan into a state where it blocks local content indefinitely while demanding a ransom that may buy the victim nothing. Victims who need a decryption program should contact experienced security researchers, who may be able to offer additional free solutions.
Malware researchers determined that the BlackHat Ransomware does not carry an embedded encryption key; it retrieves the key from a remote server at run time. Users who disconnect the PC from the Internet as soon as possible after a compromise may therefore be able to halt the encryption process, even though this key exchange produces no visible symptoms. Most anti-malware products identify and remove the BlackHat Ransomware at satisfactory rates and should detect this threat before its attack can occur.
Crippled Trojans still retain some capacity to harass and harm the PCs they infect. For Trojans like the BlackHat Ransomware, the bugs can even interfere with the encryption routine itself and, as a direct consequence, leave files that no decryptor can restore. Its payload, buggy as it is, underlines the point that any file worth paying a ransom for is worth backing up somewhere secure.