Black Worm Ransomware
The Black Worm Ransomware is a variant of Hidden Tear, a file-locker Trojan whose code is available for free. The Black Worm Ransomware's attacks lock your files by encrypting them and flag them with additional extensions. Users can recover their work with either backups or free decryption solutions and should let their anti-malware software delete the Black Worm Ransomware securely.
Cheating Yourself Out of What You've Saved to Your Hard Drives
A new file-locker Trojan is asking for two hundred USD in ransoms for restoring the files that it attacks, with unknown targets in mind for its campaign. This clone of Hidden Tear, the Black Worm Ransomware, is using the AES encryption and may be targeting media for either recreational and personal-use systems or business, government and NGO networks. The disguise in question, however, suggests that the Black Worm Ransomware is targeting would-be gaming hackers.
The Black Worm Ransomware's executable is circulating with the name of a Roblox hacking tool, similarly to the much-older campaign of the Roblocker X Ransomware. A minority of samples, also, are using the generic 'svchost' label that would make it resemble a default part of Windows and provide cover while it's running as a background process. Regardless of the name, malware experts are dubbing its payload as a nearly-unaltered copy of Hidden Tear that locks most of the system's media content with the AES encryption.
The Black Worm Ransomware also generates Notepad messages that deliver ransoming demands for the victim. The threat actors call for a 200 USD payment in Bitcoins for their decryption service, although the users should be aware of freeware equivalents for nearly all the members of Hidden Tear's family. The Black Worm Ransomware also adds an extension, 'bworm,' to every media file (such as documents or pictures) that it targets for encrypting. Malware analysts are verifying no evidence of legitimate, worm-based features in the Black Worm Ransomware, however; this threat can't self-duplicate, although it may lock the files on your network shares.
Deworming Your Files on the Cheap
While there's no tracking of ransoms being paid to the Black Worm Ransomware's account, so far, paying for a threat actor's decryption service is a solution with a less than perfect success rate. There are free-for-download decryption solutions for the Hidden Tear family that could unlock any otherwise-unrecoverable media without charge. Readers should note that malware analysts always encourage creating extra copies of any data for decrypting since the wrong decryption algorithm can cause more damage.
Gaming cheat engines, cracks, and similar, illicit downloads can be resources for circulating file-locker Trojans and numerous, other threats, not all of which have easy solutions for undoing the consequences of infections. Besides avoiding resources with these risks, such torrents, the users can protect their PCs by scanning every download with an appropriate AV or anti-malware product before opening it. Nearly all anti-malware tools should delete the Black Worm Ransomware without experiencing problems, automatically.
The two hundred USD of the Black Worm Ransomware's ransom isn't nearly as expensive as the thousands of dollar demands that threat actors leverage against businesses routinely. That relative affordability, however, isn't tantamount to justifying paying it, since the criminals have little incentive for honoring their word, once they have the Bitcoins in hand.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Black Worm Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.