Black Shades Ransom Software Demands a Paltry $30 to Unlock Files

Jack a security researcher working independently, of late, identified a ransomware which is known as "Black Shades" as it just doesn't encrypt files, however, behaves tauntingly too against security researchers.

When Black Shades infects an end-user's computer it suffixes an additional extension to the files it encrypts viz. ".silent".

According to Bleeping Computer, security investigators belonging to MalwareHunterTeam think that for spreading itself, the ransomware possibly relies on fake patches, spurious cracks or bogus videos.

Jack, who has not seen the attack taking place, nonetheless told SCMagazine.com through e-mail that Black Shades probably got disseminated through malicious installs obtainable on websites featuring file sharing function, as well as in the form of fake updates.

Two more aspects of Black Shades make it unique compared to the large number of ransomware samples which surface on a weekly basis. One, its controllers ask for a very small ransom amount of only $30 from the victims. The ransom needs to be paid either through PayPal alternatively in Bitcoin for freeing the locked files. Other ransomware samples normally demand in the range of 0.5 to 1 Bitcoin ($250-$500).

During the process of infection, Black Shades just encrypts a few frequently utilized folders of C drive, the folders in "Desktop," "Documents" and "Downloads" with the aid of AES-256 encryption, while as well installs one file named YourID.txt inside each folder. This installed file carries the ID specific to the victim. On the remaining drives, however, Black Shades encrypts each of the folders it scrutinizes. Scmagazine.com posted this online dated June 6, 2016.

Further, MalwareHunterTeam detected one peculiarity in the Black Shades ransomware which can enable end-users to gain protection against it. It seems during the malware's early phases of infection, it determines the Internet Protocol address of the end-user via a query to the icanhazip.com online site.

And given that security investigators have already revealed this trick, expectedly, future editions of Black Shades will be made free of it. At present, cracking the ransomware is undoable. However, ways for tackling the threat can be comprehended via visiting the Black Shades support site of Bleeping Computer.

» SPAMfighter News - 6/10/2016