
Black Shades Ransom Software Demands a Paltry $30 to Unlock Files

Jack, an independent security researcher, recently identified ransomware known as "Black Shades," which not only encrypts files but also taunts security researchers.

When Black Shades infects an end-user's computer, it appends an additional extension, ".silent", to the files it encrypts.

According to Bleeping Computer, security investigators from MalwareHunterTeam think the ransomware possibly relies on fake patches, spurious cracks or bogus videos to spread.

Jack, who has not seen the attack take place, nonetheless told SCMagazine.com by e-mail that Black Shades was probably disseminated through malicious installs available on websites that offer file sharing, as well as in the form of fake updates.

Two more aspects of Black Shades make it unique compared to the large number of ransomware samples that surface every week. One, its controllers ask victims for a very small ransom of only $30. The ransom must be paid either through PayPal or in Bitcoin to free the locked files. Other ransomware samples normally demand in the range of 0.5 to 1 Bitcoin ($250-$500).

During infection, Black Shades encrypts only a few frequently used folders on the C drive, the folders in "Desktop," "Documents" and "Downloads," using AES-256 encryption, and also drops a file named YourID.txt inside each folder. This file carries the ID specific to the victim. On the remaining drives, however, Black Shades encrypts every folder it scans. SCMagazine.com posted this online on June 6, 2016.
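The two on-disk traces described above (the ".silent" suffix and a YourID.txt file in each affected folder) can be checked for during triage. The following is an added example, not code from the researchers or publications cited; the function names are hypothetical, the case-insensitive matching is an assumption, and the sample folder tree is constructed.

```python
import os
import tempfile

ENCRYPTED_SUFFIX = ".silent"  # extension the article says is appended
ID_NOTE = "yourid.txt"        # per-folder victim-ID file (compared in lower case)


def scan_tree(root):
    """Return {folder: {"id_note": bool, "encrypted": [names]}} for every
    folder under root that shows at least one of the two indicators."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_SUFFIX))
        id_note = any(f.lower() == ID_NOTE for f in files)
        if encrypted or id_note:
            hits[os.path.relpath(folder, root)] = {
                "id_note": id_note,
                "encrypted": encrypted,
            }
    return hits


def confidence(entry):
    """Both indicators in one folder is a stronger signal than either alone."""
    if entry["id_note"] and entry["encrypted"]:
        return "high"
    return "low"


def build_sample_tree(root):
    """Constructed sample data: a fake user profile with one affected folder."""
    layout = {
        "Documents": ["report.docx.silent", "budget.xlsx.silent", "YourID.txt"],
        "Downloads": ["setup.exe"],
        "Music": ["track.silent"],  # lone suffix match, no ID file
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, entry in sorted(scan_tree(tmp).items()):
            print(folder, confidence(entry), len(entry["encrypted"]), "file(s)")
```

A folder that matches only one indicator is reported with low confidence, since an unrelated file can share the suffix or the file name.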

Further, MalwareHunterTeam detected one peculiarity in the Black Shades ransomware that can enable end-users to protect themselves against it. It seems that during the early phases of infection, the malware determines the end-user's Internet Protocol address by querying the icanhazip.com website.

Given that security investigators have already revealed this trick, future editions of Black Shades are expected to be free of it. At present, the ransomware cannot be cracked. However, ways of tackling the threat can be found on Bleeping Computer's Black Shades support site.

» SPAMfighter News - 6/10/2016
