
Black Worm Ransomware

Posted: December 17, 2018

The Black Worm Ransomware is a variant of Hidden Tear, a file-locker Trojan whose code is available for free. The Black Worm Ransomware's attacks lock your files by encrypting them and flag them with additional extensions. Users can recover their work with either backups or free decryption solutions and should let their anti-malware software delete the Black Worm Ransomware securely.

Cheating Yourself Out of What You've Saved to Your Hard Drives

A new file-locker Trojan is asking for a two hundred USD ransom to restore the files that it attacks, and the intended targets of its campaign are unknown. This clone of Hidden Tear, the Black Worm Ransomware, uses AES encryption and may be targeting media on either recreational and personal-use systems or business, government and NGO networks. Its disguise, however, suggests that the Black Worm Ransomware is targeting would-be gaming hackers.

The Black Worm Ransomware's executable is circulating under the name of a Roblox hacking tool, much like the much-older campaign of the Roblocker X Ransomware. A minority of samples also use the generic 'svchost' label, which makes the file resemble a default part of Windows and provides cover while it runs as a background process. Regardless of the name, malware experts describe its payload as a nearly unaltered copy of Hidden Tear that locks most of the system's media content with AES encryption.

The Black Worm Ransomware also generates Notepad messages that deliver ransom demands to the victim. The threat actors call for a 200 USD payment in Bitcoins for their decryption service, although users should be aware that freeware equivalents exist for nearly all the members of Hidden Tear's family. The Black Worm Ransomware also adds an extension, 'bworm,' to every media file (such as documents or pictures) that it targets for encryption. Malware analysts have found no evidence of genuine worm-based features in the Black Worm Ransomware, however; this threat can't self-duplicate, although it may lock the files on your network shares.

Deworming Your Files on the Cheap

Although no ransom payments to the Black Worm Ransomware's account have been tracked so far, paying for a threat actor's decryption service is a solution with a less than perfect success rate. Free decryption solutions for the Hidden Tear family are available for download and could unlock otherwise-unrecoverable media without charge. Readers should note that malware analysts always encourage making extra copies of any data before attempting to decrypt it, since the wrong decryption algorithm can cause more damage.
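One way to make those extra copies before trying any decryptor, as an added example that is not part of the original article or of any vendor tool: it copies every file carrying the 'bworm' extension into a separate folder and records a SHA-256 for each copy so the preserved ciphertext can be verified later. The function names, the vault folder and the manifest file name are assumptions chosen for illustration, and the sample files are constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

LOCKED_SUFFIX = ".bworm"  # extension the article reports on locked files


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        # Read in 1 MiB chunks so large media files are not loaded whole.
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preserve_locked_files(root: Path, vault: Path) -> dict:
    """Copy each *.bworm file under root into vault; return {relative path: SHA-256}."""
    root, vault = root.resolve(), vault.resolve()
    vault.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for source in sorted(root.rglob("*")):
        # Skip the vault itself, links, directories and files that are not locked.
        if vault in source.parents or source.is_symlink() or not source.is_file():
            continue
        if source.suffix.lower() != LOCKED_SUFFIX:
            continue
        relative = source.relative_to(root)
        target = vault / relative
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source, target)  # copy only; the original is never modified
        original_hash = sha256_of(source)
        if sha256_of(target) != original_hash:
            raise OSError(f"copy of {relative} does not match the original")
        manifest[relative.as_posix()] = original_hash
    listing = "".join(f"{h}  {p}\n" for p, h in manifest.items())
    (vault / "manifest.sha256").write_text(listing, encoding="utf-8")
    return manifest


def demo() -> dict:
    """Run against a constructed directory tree (sample data, not real files)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Documents"
        (root / "photos").mkdir(parents=True)
        (root / "report.docx.bworm").write_bytes(b"constructed ciphertext A")
        (root / "photos" / "cat.jpg.BWORM").write_bytes(b"constructed ciphertext B")
        (root / "notes.txt").write_bytes(b"untouched file")
        return preserve_locked_files(root, Path(tmp) / "vault")
```

Point the vault at removable or offline storage and run the decryptor against the originals only after the manifest has been written.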

Gaming cheat engines, cracks and similar illicit downloads can be vehicles for circulating file-locker Trojans and numerous other threats, not all of which have easy solutions for undoing the consequences of an infection. Besides avoiding resources with these risks, such as torrents, users can protect their PCs by scanning every download with an appropriate AV or anti-malware product before opening it. Nearly all anti-malware tools should delete the Black Worm Ransomware automatically, without experiencing problems.

The Black Worm Ransomware's two hundred USD ransom isn't nearly as expensive as the demands for thousands of dollars that threat actors routinely leverage against businesses. That relative affordability, however, doesn't justify paying it, since the criminals have little incentive to honor their word once they have the Bitcoins in hand.
