
'Blacknord@tutanota.com' Ransomware

Posted: January 26, 2018

The 'Blacknord@tutanota.com' Ransomware is a custom version of the RotorCrypt Ransomware, a Trojan that can block your files with an encryption-based data attack. Users with any concerns about protecting their documents and other work can keep backups that this Trojan is incapable of accessing. Anti-malware programs already capable of detecting the rest of this family should block or uninstall the 'Blacknord@tutanota.com' Ransomware safely.

A Nordic Invasion of Razing Your Files

The Russia-focused RotorCrypt Ransomware has a new variant at play, although malware experts are unable to determine how its threat actors are choosing to circulate it. The new member of this family of RSA-encrypting Trojans, the 'Blacknord@tutanota.com' Ransomware, features mostly superficial and aesthetic changes. On the other hand, all of its data-locking abilities remain fully available for use against any Windows PC that it can compromise.

Unless its keys are leaked, which has not happened so far, the 'Blacknord@tutanota.com' Ransomware's RSA encryption method is secure against recovery by third parties. The Trojan uses this data-enciphering routine for locking different kinds of files, such as Word documents, JPG or BMP images, archives, music, spreadsheets or slideshows. However, the 'Blacknord@tutanota.com' Ransomware and other variants of the RotorCrypt Ransomware don't damage any components that Windows requires for remaining operational.

Instead of giving up-front ransom instructions in a text file, the 'Blacknord@tutanota.com' Ransomware promotes its threat actor's e-mail address for negotiating. It does so by appending a particularly long extension onto the names of all media ('!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve'). The threat actors expect users to e-mail them for details on how much, and what, to pay in return for their file-unlocking decryption key.
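An added example, not part of the original article: a triage scan that finds files carrying the appended extension quoted above and recovers their original names, so responders can scope the damage and build a restore list from backups. It assumes the marker is appended directly to the full original filename; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Marker string as quoted on this page; matching is case-insensitive
# because Windows filenames are.
MARKER = "!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve"


def original_name(filename):
    """Return the pre-infection name if filename ends with MARKER, else None.

    Assumption: the marker is appended directly to the full original name.
    """
    if filename.lower().endswith(MARKER.lower()) and len(filename) > len(MARKER):
        return filename[: -len(MARKER)]
    return None


def scan(root):
    """Walk root and list (directory, renamed file, original name) hits."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name)
            if orig is not None:
                hits.append((dirpath, name, orig))
    return hits


def summarize(hits):
    """Count affected files per original extension to scope a backup restore."""
    return Counter(os.path.splitext(o)[1].lower() or "(none)" for _d, _n, o in hits)


def demo():
    """Run the scan over a constructed directory tree (sample data, not real)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in ("docs/report.docx" + MARKER, "docs/photo.JPG" + MARKER,
                    "docs/untouched.txt", "budget.xlsx" + MARKER.upper()):
            open(os.path.join(root, rel), "w").close()
        hits = scan(root)
        return sorted(o for _d, _n, o in hits), summarize(hits)


if __name__ == "__main__":
    names, by_ext = demo()
    print(names, dict(by_ext))
```

Pointing `scan()` at a file share or user profile root gives the list of affected paths; comparing the recovered original names against the latest backup catalogue shows what can be restored.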

Avoiding E-mail Addresses that Mean the Worst for Your Media

The 'Blacknord@tutanota.com' Ransomware's family is, mostly, unusual for specializing in the general region of Russia and adjacent nations, as well as for preferring an RSA cipher, as opposed to AES or even XOR. However, the latter feature does make the 'Blacknord@tutanota.com' Ransomware's encryption particularly secure, and malware researchers have yet to find any hope for decrypting any 'locked' files freely. In cases of infection, only a backup can provide an absolute guarantee of recovering any of the user's damaged data.

The last exploits by the RotorCrypt Ransomware family disguised its members as being software with Remote Desktop-related features. However, the 'Blacknord@tutanota.com' Ransomware may be under the maintenance of a different threat actor and could use other distribution tactics, such as e-mail attachments or brute-force attacks for breaking through a company's network security. Active and fully-updated anti-malware protection should stop this threat on sight, and also can remove the 'Blacknord@tutanota.com' Ransomware infections securely.

National boundaries mean little to Trojans and protecting your files always means keeping spares of them somewhere safe. For those who think that the former makes the latter unnecessary, the 'Blacknord@tutanota.com' Ransomware, and file-locker Trojans just like it, are happy to disabuse them of that assumption.
