Ransomware attacks continue to dominate the cyber security landscape this year, with businesses paying millions of dollars to unlock encrypted files. Research reveals that almost 40% of successful malware-based attacks involve ransomware. Moreover, distributing ransomware requires little in the way of threat intelligence or targeting, which makes it popular among threat actors.
The world has seen its fair share of ransomware attacks, WannaCry being the most damaging of all. Ransomware is a ubiquitous security threat with a single aim: extracting payments from victims. Its impact continues to be significant, with organizations around the globe held to ransom every day.
There are many variants of ransomware, and new strains appear regularly, denying users access to important files until a ransom is paid. Recently, researchers discovered a new ransomware called BlackRouter being promoted as Ransomware-as-a-Service (RaaS) in a hacking channel on Telegram by an Iranian developer. Originally spotted in May 2018, a new version of BlackRouter was found that exhibits the same traits with slightly different characteristics, for instance a better-looking GUI (graphical user interface) and the addition of a timer.
A complete malicious kit capable of launching a BlackRouter ransomware attack is available in the hacking channel. The availability of such packages removes the need to write malware: a subscription to this model lets even a novice cyber criminal launch a ransomware attack without much difficulty. Once an attack succeeds, the ransom money is shared between attackers and developers in a 4:1 ratio respectively.
In addition to promoting BlackRouter, the threat actor is also promoting a remote access Trojan called BlackRat that allegedly includes features such as AV evasion, encrypted communications, the ability to enable RDP, cryptocurrency wallet theft, keylogging, password stealing and a lot more.
BlackRouter Ransomware is distributed via:
After infiltration, BlackRouter ransomware drops two different malicious files on the system to carry out its activities.
After completing the encryption process, a ransom note is displayed that contains detailed information. It demands that the victim pay $300 in bitcoin, split across two wallets ($100 to one and $200 to the other), to regain access to the locked files.
However, victims are advised not to pay the ransom to the threat actors under any circumstances, as it is simply a trick to fool them. Moreover, once the ransom is paid, victims are often ignored, so there is no way they will get their encrypted files back. Users should instead follow the steps given below to recover the lost files.
Targeted Operating System: Windows
Symptoms: User’s files are encrypted. A ransom note is displayed that demands a ransom of $300.
When the system starts, use an account with administrative privileges to access Safe Mode with Command Prompt.
After the admin credentials are entered, a Command Prompt window is displayed, in which you enter the commands below:
Continue with steps 4 and 5 of Method 2 to restore the system files and settings.
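Before relying on a restore of system files and settings, a defender should confirm that System Restore points and Volume Shadow Copies actually still exist on the affected machine; if neither survives, recovery has to come from offline backups instead. The following PowerShell script is an added example and is not part of the original article or the removal method it refers to. It assumes an elevated Windows PowerShell 5.1 session (Get-ComputerRestorePoint is not available in PowerShell 7) and a running Volume Shadow Copy service; the function name Get-RecoveryState is hypothetical.

```powershell
# Added example (not from the original article): check what recovery sources
# are left on a Windows host before attempting a System Restore based recovery.
# Run from an elevated Windows PowerShell 5.1 prompt.

function Get-RecoveryState {
    [CmdletBinding()]
    param()

    $result = [ordered]@{
        RestorePoints = @()
        ShadowCopies  = @()
        Recoverable   = $false
    }

    # System Restore points are what a "restore system files and settings" step relies on.
    try {
        $result.RestorePoints = @(Get-ComputerRestorePoint -ErrorAction Stop |
            Select-Object SequenceNumber, Description, RestorePointType, CreationTime)
    } catch {
        Write-Warning "Could not enumerate restore points: $($_.Exception.Message)"
    }

    # Volume Shadow Copies hold the "previous versions" of user files.
    try {
        $result.ShadowCopies = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction Stop |
            Select-Object ID, VolumeName, InstallDate)
    } catch {
        Write-Warning "Could not enumerate shadow copies: $($_.Exception.Message)"
    }

    # At least one of the two must be present for an on-host recovery to be possible.
    $result.Recoverable = ($result.RestorePoints.Count -gt 0) -or ($result.ShadowCopies.Count -gt 0)
    [pscustomobject]$result
}

$state = Get-RecoveryState
if (-not $state.Recoverable) {
    Write-Warning 'No restore points or shadow copies found; recover from offline backups instead.'
}
'Restore points:'
$state.RestorePoints | Format-Table -AutoSize
'Shadow copies:'
$state.ShadowCopies | Format-Table -AutoSize
```

The script only reads state and changes nothing, so it is safe to run before deciding how to proceed; an empty result for both lists is itself useful evidence for the incident record, since it tells you the on-host recovery path is gone.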