BlackFeather Ransomware

What is BlackFeather Ransomware?

BlackFeather Ransomware is a newly released infection that was created while using the source code of a malicious program called Hidden-Tear Ransomware. Moreover, the malware encrypts user’s data and displays a message from its developers. They urge users to pay a ransom and in exchange promise to unlock enciphered files. However, our researchers learned that the threat’s creators would be unable to keep up to this pledge. If you want to know more, we would advise you to read the rest of the article as we will explain everything in more detail. In any case, you probably realize it already that there is no point even to consider paying the ransom. The best you can do is take care of the system and clean it from BlackFeather Ransomware. To complete this task, you can use the instructions below the text or a reliable antimalware tool.testtest

Where does BlackFeather Ransomware come from?

The research shows that BlackFeather Ransomware could be distributed via Spam emails. Its victims should receive an infected file with an icon of a PDF document. Because of its deceiving appearance, the attachment may not raise any suspicion. Even after opening the file, you might be unable to understand what is happening. Apparently, the malware tries to gain time for itself by showing the user a false warning, which identifies the file as damaged. Therefore, while you are thinking about what could be wrong with the attachment or even trying to download it again, the malicious program starts the encryption process.

How does BlackFeather Ransomware work?

Our researchers at Anti-spyware-101.com are quite well familiar with the malware’s working manner as it is one of the infections created while using a malicious open-source application called Hidden-Tear Ransomware. Thus, for the encryption process, BlackFeather Ransomware should use a cryptosystem known as AES-256. During it, the threat should lock its targeted files, such as photos, images, text and other documents, etc. The infection also adds an extension called .blackfeather to all enciphered data, e.g. photo.jpg.blackfeather. The files that do not have the extension should not be affected.

When the malicious program finishes its job, it might display a form with the ransom note. The note says that users have to pay 0.3 Bitcoins, which is around 190 US Dollars at the moment. The same demands are stated in a text file named as BLACK_FEATHER.txt. BlackFeather Ransomware could place it on your Desktop. Both the form and the text file should say that the malware’s creators can restore enciphered data if you pay the ransom. Unfortunately, it does not appear to be possible, because the infection should save a decryption key, which is generated during the encryption process, but it does not. If there is no key, they cannot unlock your data. Meaning, paying the ransom would be the same as throwing your money out.

How to erase BlackFeather Ransomware?

This malware does not leave its data on the infected computer. Still, it is important to get rid of its setup file, which is the fake PDF file you might have downloaded from Spam email. The removal instructions below will list a few usual places where users often save their downloaded data. Thus, you can simply follow the instructions and eliminate the infection. There is also one more way to delete it if you install a reputable antimalware tool. Open the software, start the system scan, and wait till it detects the malicious program and other possible threats. Then, click the removal button and erase all detections.

Eliminate BlackFeather Ransomware

  1. Check the Downloads, Desktop, Temporary Files, and other directories where you might have saved the malware’s installer (e.g. fake PDF document).
  2. Right-click the file and press Delete.
  3. Navigate to Desktop and search for a file titled as “BLACK_FEATHER.txt.”
  4. Right-click it and choose Delete.
  5. Empty your Recycle bin.
100% FREE spyware scan and
tested removal of BlackFeather Ransomware*
Disclaimer
Disclaimer

Leave a Comment

Enter the numbers in the box to the right *