
Blackout Ransomware

Posted: July 17, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 9
First Seen: July 17, 2017
OS(es) Affected: Windows

The Blackout Ransomware is a Trojan that locks your files with encryption and disguises its extortion demand as 'technical support' for getting around a supposed license agreement. Until more is known about its encryption method and whether the files can be decrypted, malware experts recommend restoring from backups where they exist. Anti-malware programs may also detect and delete the Blackout Ransomware before it encrypts anything; the encryption itself produces no visible symptoms while it runs, so a user is unlikely to notice it in time to stop it.

Trojans with Lessons in Creative Writing

While technical know-how will always be valuable to those seeking to subvert PC security, threat actors also are learning to profit from the gullibility of the people they attack. Social engineering techniques, such as fake software downloads or forged e-mail messages, often play a part in distributing Trojans and other threatening software. Now, with the Blackout Ransomware campaign, malware experts are even finding Trojans that try to pretend their attack isn't illegal after it has already happened.

The Blackout Ransomware is a Trojan that encrypts the victim's media with a still-unidentified cipher, which lets it block access to content such as documents or pictures. The Blackout Ransomware also generates a custom string of alphanumeric characters to serve as the infected PC's identification number, and this ID is unique to each attack. Like other file-encrypting Trojans, the Blackout Ransomware prevents the user from opening any of the content it locks until they run it through a decryption application written specifically for the Blackout Ransomware, which in turn requires the matching decryption key.

Besides locking files of arbitrary formats, the Blackout Ransomware also distinguishes itself by the plaintext ransom note it drops. Most of the details of this message resemble those of attacks like variants of the Globe Ransomware or the Jigsaw Ransomware campaigns. However, the Blackout Ransomware's author tries to disguise the attack as part of a 'license agreement' and a legal demonstration of encryption technology on the Windows OS, with no intent to do harm. This cover story resembles the stated purpose of Utku Sen's Hidden Tear, an 'educational' open-source ransomware project that threat actors have repeatedly repurposed for real attacks.

Malware experts emphasize that other characteristics of these instructions, such as the request to use the anonymity-providing Tor Browser, show that the cover story is false. A programmer who meant to distribute an encryption demonstration without causing damage would have no reason to withhold the decryptor or to hide behind an anonymous channel, whereas the Blackout Ransomware's threat actor keeps the decryption application back for ransom.

Turning out the Lights on an Easy Lie for Money

Although its file metadata suggests that the campaign is circulating the Blackout Ransomware under the appearance of a legitimate program, nearly every detail of the Blackout Ransomware's payload shows that the Trojan is meant to damage your PC by preventing you from opening digital media. Backups that you schedule beforehand and store on devices the Trojan can't reach (offline or otherwise disconnected storage) remain the simplest way to avoid permanent damage from these attacks. If you lack backups for restoring any blocked files, malware experts recommend making copies of the encrypted content before trying anything else, and then testing the free decryption programs made available by third-party security researchers against those copies rather than the originals, since a failed decryption attempt can corrupt the only remaining version of a file.

Paying any fee the Blackout Ransomware's author requests is not a reliable way of regaining the blocked files. Almost all file-encrypting Trojan attacks demand payment through methods that sidestep the usual legal protections against fraud, such as chargebacks. The con artists can therefore take the payment without providing any decryption help, even if they offer an initial 'free sample' by decrypting a file or two. Besides keeping backups, blocking and deleting the Blackout Ransomware with a standard anti-malware product remains the only way to make sure your local content doesn't suffer irreversible damage.

While the field of file-encryption attacks is crowded, con artists are all too happy to try new tricks to make old software seem new. Falling for a 'license agreement' delivered after the fact, like the Blackout Ransomware's note, is little better than trusting an advance-fee scam.
