'Blacknord@tutanota.com' Ransomware

Posted: January 26, 2018

'Blacknord@tutanota.com' Ransomware Description

The 'Blacknord@tutanota.com' Ransomware is a custom version of the RotorCrypt Ransomware, a Trojan that can block your files with an encryption-based data attack. Users with any concerns about protecting their documents and other work can keep backups that this Trojan is incapable of accessing. Anti-malware programs already capable of detecting the rest of this family should block or uninstall the 'Blacknord@tutanota.com' Ransomware safely.

A Nordic Invasion of Razing Your Files

The Russia-focused RotorCrypt Ransomware has a new variant at play, although malware experts are unable to how its threat actors are choosing to circulate it. The new member of this family of RSA-encrypting Trojans, the 'Blacknord@tutanota.com' Ransomware, features mostly superficial and aesthetic changes. On the other hand, all of its data-locking abilities remain fully available for use against any Windows PC that it can compromise.

Without a currently unavailable leak of its keys, the 'Blacknord@tutanota.com' Ransomware's RSA encryption method is secure against recovery by third parties. The Trojan uses this data-enciphering routine for locking different file kinds, such as Word documents, JPG or BMP images, archives, music, spreadsheets or slideshows. However, the 'Blacknord@tutanota.com' Ransomware and other variants of the RotorCrypt Ransomware don't damage any components that Windows requires for remaining operational.

Instead of giving up-front ransom instructions in a text file, the 'Blacknord@tutanota.com' Ransomware promotes its threat actor's e-mail address for negotiating. Its method of doing so appends a particularly long extension onto the names of all media ('!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve'). The threat actors expect any users to e-mail them for details on how much, and what, to pay, in return for his file-unlocking decryption key.

Avoiding E-mail Addresses that Mean the Worst for Your Media

The 'Blacknord@tutanota.com' Ransomware's family is, mostly, unusual for specializing in the general region of Russia and adjacent nations, as well as for the preference of an RSA cipher, as opposed to AES or even XOR. However, the latter feature does make the 'Blacknord@tutanota.com' Ransomware's secure particularly, and malware researchers have yet to find any hope for decrypting any 'locked' files freely. In cases of infection, only a backup can provide an absolute guarantee of recovering any of the user's damaged data.

The last exploits by the RotorCrypt Ransomware family disguised its members as being software with Remote Desktop-related features. However, the 'Blacknord@tutanota.com' Ransomware may be under the maintenance of a different threat actor and could use other distribution tactics, such as e-mail attachments or brute-force attacks for breaking through a company's network security. Active and fully-updated anti-malware protection should stop this threat on sight, and also can remove the 'Blacknord@tutanota.com' Ransomware infections securely.

National boundaries mean little to Trojans and protecting your files always means keeping spares of them somewhere safe. For those who think that the former makes the latter unnecessary, the 'Blacknord@tutanota.com' Ransomware, and file-locker Trojans just like it, are happy to disabuse them of that assumption.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to 'Blacknord@tutanota.com' Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware 'Blacknord@tutanota.com' Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.