
BlackShades Crypter Ransomware

Posted: May 26, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 19
First Seen: May 26, 2016
Last Seen: August 14, 2021
OS(es) Affected: Windows


The BlackShades Crypter Ransomware is a Trojan that uses encryption algorithms to take your data hostage, which is usually followed by ransom demands. These attacks may focus on prominent, widely used formats, such as those used by spreadsheet or slideshow presentation programs, as well as text editors. Besides the usual data protection measures that are always useful against such threats, malware experts can only suggest keeping active anti-malware protection suitable for blocking the BlackShades Crypter Ransomware or, if necessary, deleting it.

The Shade of Old Threat Attacks Refusing to Die

There are good reasons why Trojans specializing in file encryption have become a large aspect of 2016's threat market: they require comparatively little coding experience to lock most of a computer down and readily accept tweaks for being rented out to third parties. A new case of this trend in action, the BlackShades Crypter Ransomware, was found in distribution only in May. Malware experts are still verifying whether the BlackShades Crypter Ransomware is an independent project or one based on prior threats through a construction kit.

The BlackShades Crypter Ransomware operates under the same essential paradigm as most file encryptor Trojans. It launches automatically via Registry-based exploits, scans your PC without showing any visual UI elements of the process, and identifies any content that falls under appropriate formats, such as Word documents. The content is then encrypted with an algorithm (possibly identifiable as falling under the Advanced Encryption Standard, or AES) and may be renamed with ID number strings, e-mail addresses, or an arbitrary extension.

After having blocked the content, the BlackShades Crypter Ransomware delivers its ransom message through mechanisms potentially including locked desktop images or Notepad files found in the same directories as the encrypted data. These messages typically use a combination of incorrect information and timing-based threats to force victims into paying fees for their files. In some cases, malware experts found the associated threat authors incapable of providing the supposed decryption, or unwilling to do so.

Getting the Right Rite to Dismiss the BlackShades Crypter Ransomware

The BlackShades Crypter Ransomware may be a non-negligible threat to any PC that stores valuable information, but its campaign has shown no remarkable features or proficiencies beyond those already seen in old file encryptors. Trojans of these classifications may use dedicated spam e-mail, such as fake invoice attachments, for installing themselves, but also may distribute themselves through networks, torrents or fake software updates. Active anti-malware protection, secure passwords, and responsible downloading habits all are effective armor against such infection vectors.

Although a cautious PC user might take note of the BlackShades Crypter Ransomware during its encryption routine and force it to terminate, most symptoms of file-encrypting Trojan infections only display after the attack concludes. Identify any affected files by their new names or refusal to open in an appropriate program, and use backup overwrites or free decryptors to undo the data loss. Windows local backups may be deleted, and malware experts don't recommend them as a sole recovery source from the BlackShades Crypter Ransomware.

No form of data recovery should take precedence over removing the BlackShades Crypter Ransomware, and other threats, from a computer. Allow your anti-malware tools the chance to scan the system, and the chances are high that you'll find additional threats besides a simple file encryptor.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: WinSecurity.exe
Size: 241.15 KB (241152 bytes)
MD5: 45beca45fc84cfea06cfc50490a222ba
Detection count: 16
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 14, 2021