BlackRuby-2 Ransomware

What is BlackRuby-2 Ransomware?

BlackRuby-2 Ransomware is a new version of BlackRuby Ransomware. It is not yet a prevalent infection and has not caused problems for hundreds of users: it has been detected only recently, so its infection rate is still low. That could change soon, so you should not leave your system unprotected if you do not want to find this ransomware active on your computer. Researchers have observed that BlackRuby-2 Ransomware checks the victim’s IP address and does not encrypt files on the computer if it finds out that the user lives in Armenia, Afghanistan, Azerbaijan, Iran, Iraq, Pakistan, Turkmenistan, or Turkey. In all other cases, it encrypts users’ personal files the second it infiltrates their computers. It acts like other ransomware infections – it locks the users’ most important files. You will be told that you can decrypt them with Black Ruby Decryptor, but you should not invest in this tool because you might not even get it from the cyber criminals, or you might find out that it cannot unlock a single file. You will not find free decryption software to download from the web, but that does not mean that users who want to get their files back must purchase the special decryptor. All encrypted files can be restored from a backup easily once the ransomware infection is removed from the system.

What does BlackRuby-2 Ransomware do?

BlackRuby-2 Ransomware locks files on victims’ computers. Since it does that immediately after infiltrating a computer, users soon find out that they have this infection on their systems. They also notice that their files look different – each one gets a new name and filename extension. For example, file.jpg might become Encrypted_9Yvb3RNlPfC0y6ZC3f9Gm3fQHqUEVJ0rt4Lm6ZUgJ5IJ.BlackRuby2 after this ransomware infection gets in. Users should also find a ransom note (HOW-the TO_DECRYPT-files.txt) after all their files get encrypted. The ransom note tells users to send the “Identification Key” together with two encrypted files smaller than 5 MB to the provided email address. The cyber criminals behind BlackRuby-2 Ransomware promise to decrypt these two files for free, but users are told that they will need to purchase the special tool called Black Ruby Decryptor to unlock all remaining files. It demands a ransom in Bitcoin. Even if the decryptor seems cheap, you should still not purchase it because there are no guarantees that you will get it or that it will work. If it turns out that the decryptor is useless, you will not get your money back, so it would be best to restore your files in a different way, for example, by transferring them to your PC from a backup after the ransomware has been fully removed.

Where does BlackRuby-2 Ransomware come from?

If you are reading this report from the beginning, you should already know that BlackRuby-2 Ransomware is not distributed very actively. Because of this, it is still difficult to say how it will be spread in the future. According to our researchers, popular distribution methods used to spread ransomware infections should not change. That is, BlackRuby-2 Ransomware should also be distributed via spam emails. Ransomware infections usually pretend to be harmless email attachments to make sure more users open them, so it is not surprising at all that many ransomware-type infections become prevalent in a short period of time. New ransomware infections are developed by cyber criminals almost every day, so a similar threat might infiltrate your computer in the future if you do not do anything today to protect it against malicious software. The installation of a reputable antimalware tool would be a good solution to the problem. If you install it, it will not allow any threats to enter your system.

How to remove BlackRuby-2 Ransomware

Our instructions will help you to delete BlackRuby-2 Ransomware from the system manually, but you should still scan your system with an automated malware remover because the ransomware infection might revive or continue working on your system if you leave any malicious components belonging to it on your computer.

Delete BlackRuby-2 Ransomware

  1. Tap Win+R and type regedit. Click OK.
  2. Access HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run.
  3. If you can locate a Value associated with BlackRuby-2 Ransomware, select it and click Delete.
  4. Tap Win+E to open Windows Explorer.
  5. Check %WINDIR%\SysWOW64 and %WINDIR%\System32.
  6. If you can locate a folder named BlackRuby there, delete it right away.
  7. Remove the ransom note HOW-the TO-DECRYPT-files.txt.
  8. Delete all suspicious recently downloaded files from %USERPROFILE%\Downloads.
  9. Empty the Recycle Bin.
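
The checks in the steps above can be gathered in one read-only pass before anything is deleted. The following PowerShell is an added example, not part of the original instructions or any vendor tool; the function name, the ransom-note wildcard (chosen to match both spellings of the note used on this page) and the 7-day window for "recently downloaded" are assumptions.

```powershell
# Added example: read-only triage for the indicators in the steps above. Deletes nothing.
# Run from 64-bit PowerShell; a 32-bit host silently redirects System32 to SysWOW64.
function Get-BlackRuby2Indicator {   # hypothetical name, not a built-in cmdlet
    param(
        [string]$ScanRoot = $env:USERPROFILE,   # assumption: user data to search
        [int]$RecentDays = 7                    # assumption: "recently downloaded" window
    )
    $hit = { param($check, $name, $detail)
        [pscustomobject]@{ Check = $check; Name = $name; Detail = $detail } }

    # Steps 2-3: list every Run value so an unfamiliar autostart entry can be reviewed.
    $runKey = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    if (Test-Path -Path $runKey) {
        $key = Get-Item -Path $runKey
        foreach ($valueName in $key.GetValueNames()) {
            & $hit 'RunValue' $valueName $key.GetValue($valueName)
        }
    }

    # Steps 5-6: a folder named BlackRuby in either system directory.
    foreach ($dir in 'SysWOW64', 'System32') {
        $folder = Join-Path (Join-Path $env:WINDIR $dir) 'BlackRuby'
        if (Test-Path -LiteralPath $folder -PathType Container) {
            & $hit 'Folder' 'BlackRuby' $folder
        }
    }

    # Step 7 plus the appended extension: ransom notes and encrypted files.
    # The wildcard is an assumption that covers both note spellings on this page.
    Get-ChildItem -LiteralPath $ScanRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($_.Extension -eq '.BlackRuby2') { & $hit 'EncryptedFile' $_.Name $_.FullName }
            elseif ($_.Name -like 'HOW-*DECRYPT*.txt') { & $hit 'RansomNote' $_.Name $_.FullName }
        }

    # Step 8: files recently written to Downloads, for manual review.
    $cutoff = (Get-Date).AddDays(-$RecentDays)
    Get-ChildItem -LiteralPath (Join-Path $env:USERPROFILE 'Downloads') -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $cutoff } |
        ForEach-Object { & $hit 'RecentDownload' $_.Name $_.FullName }
}

Get-BlackRuby2Indicator | Sort-Object Check | Format-Table -AutoSize -Wrap
```

Every Run value is listed rather than filtered, because the page does not say what the ransomware names its entry; the EncryptedFile rows double as an inventory of what has to come back from backup.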
