Blind Ransomware
Posted: September 19, 2017
Threat Metric
| Field | Value |
|---|---|
| Ranking | 5,552 |
| Threat Level | 5/10 |
| Infected PCs | 4,778 |
| First Seen | September 19, 2017 |
| Last Seen | October 16, 2023 |
| OS(es) Affected | Windows |
The Blind Ransomware is a Trojan that uses file-encoding attacks to lock your media until you pay its ransom. Since decrypting the damaged files may or may not be possible, PC users should keep backups that compensate for the potential data loss due to an infection. Otherwise, the recommended solution is having anti-malware protection that blocks this threat beforehand or deletes the Blind Ransomware as soon as possible afterward.
An Onset of File Blindness
Threat actors remain intent on reusing the components of previous Trojan campaigns in their attacks against businesses, branches of government and recreational PC owners. Although Trojans like the Blind Ransomware display little in the way of originality, their non-consensual encryption functions are, nonetheless, effective ways of taking content hostage while awaiting ransom payments. This Trojan uses messages that its author copies from attacks like those of the Scorpio Ransomware, although malware experts find no evidence of the connection being anything other than superficial.
The Blind Ransomware encodes and locks files on the infected PC using a still-unidentified algorithm, with some of the most common possibilities including AES, RSA, and XOR. The Blind Ransomware also appends the threat actor's email address and the '.blind' string to the file names, with the former playing a part in the extortion negotiation process. Once your files, such as text documents, music, or pictures, are encrypted, the Blind Ransomware creates an advanced Web page to convey its threat actor's demands.
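A triage sketch for the renaming behaviour described above, added here as an example and not taken from the original page: it walks a directory tree, counts files whose names end in '.blind', and pulls out the e-mail address embedded in each name so responders can scope which folders were hit. The position of the address within the name, the bracket layout and the `example.invalid` address in the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Assumption: the address appears somewhere before the final ".blind";
# the page does not give the exact layout, so brackets are not required.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
EXTENSION = ".blind"

def classify(name):
    """Return (matched, email_or_None) for a single file name."""
    if not name.lower().endswith(EXTENSION):
        return False, None
    hit = EMAIL_RE.search(name[: -len(EXTENSION)])
    return True, (hit.group(0).lower() if hit else None)

def scan(root):
    """Walk root; count renamed files per directory and per address."""
    per_dir, per_email, total = Counter(), Counter(), 0
    for dirpath, _dirs, files in os.walk(root):
        total += len(files)
        for name in files:
            matched, email = classify(name)
            if matched:
                per_dir[os.path.relpath(dirpath, root)] += 1
                per_email[email or "<no address in name>"] += 1
    hits = sum(per_dir.values())
    return {"total": total, "hits": hits, "by_dir": dict(per_dir),
            "by_email": dict(per_email)}

def build_sample_tree(root):
    """Constructed sample: empty files whose names imitate the pattern."""
    tag = "[unlock@example.invalid]"  # constructed address, not an IoC
    names = {
        "docs": [f"report.docx.{tag}.blind", f"budget.xlsx.{tag}.blind",
                 "notes.txt"],
        "media": [f"song.mp3.{tag}.blind", "blind.png"],
        "misc": ["archive.BLIND"],  # extension only, no address
    }
    for sub, files in names.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for f in files:
            open(os.path.join(root, sub, f), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan(tmp))
```

Files that carry the extension but no address are reported under a separate key, since they may be unrelated files that merely share the suffix.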
Most of the text in the message is copied directly from the Scorpio Ransomware campaign and those of similar threats. However, the Blind Ransomware's author updates the end of the note to include an ID number that's custom-generated for that infection. He asks the victim to contact him for further information on paying Bitcoins for the file-unlocking service and avoids providing a specific sum ahead of time. Malware experts find this social engineering technique in similar attacks, where it allows the con artists to maximize their bargaining possibilities. These ransoms can range in value from under a hundred to thousands of dollars.
Restoring Sight to the Blindly Locked
Because decryption opportunities, particularly free ones, are not always available to victims, PC users should protect their files from the Blind Ransomware's payload by keeping additional copies of their work on other devices. Locally-saved backups are often targets for deletion by file-locking threats, and our malware experts find the best chances of recovery coming from such backup methods as peripheral devices and cloud services. In worst-case circumstances, victims should always test free decryption software before paying a criminal for a solution that may be inadequate.
Trojans with file-locking features are notable for circulating prominently through email spam, particularly attached documents, compressed archives, or executables with intentionally incorrect extensions. Some threat actors also prefer using Exploit Kits, fake torrent downloads, or Remote Desktop-based server attacks for compromising a PC. Users who keep anti-malware products for removing the Blind Ransomware upon its detection and don't use easily-broken network passwords should be in minimal danger of having their files locked.
For the unscrupulous, there's money to make from even the most completely recycled of Trojan attacks. Since the Blind Ransomware pays no price in encryption capabilities for being a clone of its ancestors, victims should do their part to avoid paying its price in Bitcoins for their files.