BlackShades Crypter Ransomware

What is BlackShades Crypter Ransomware?

If you have not employed authentic anti-malware software to protect your PC, and your personal files are not backed up, BlackShades Crypter Ransomware is your worst enemy. This clandestine threat slithers in and uses an encryption algorithm to encrypt certain files. Although it claims to use the RSA encryption algorithm, we cannot confirm this. Unfortunately, whichever encryption method is used, it is unlikely that you will be able to decrypt your files yourself. In fact, even third-party decryption software might be helpless against this threat. Although the ransom that this threat demands is not that big, paying it is risky because, after all, it was issued by cyber criminals, and it is unusual for them to help users in any way. In fact, many users dealing with ransomware infections warn that their payments are of no avail. Learn more about the risks associated with and the removal of BlackShades Crypter Ransomware within this report.

How does BlackShades Crypter Ransomware work?

BlackShades Crypter Ransomware is capable of infecting computers silently, but it cannot get in without some action on your part. In most cases, this threat slithers in via spam email attachments, which means that you are the one who downloads and executes the ransomware. Of course, malware can also be downloaded by Trojans or hide in software packages, but our researchers point out that spam-email attacks are the most common method of distribution. Once executed, this threat immediately encrypts your personal files and creates its own files. Hacked_Read_me_to_decrypt_files.Html is one of these files, and it represents what the developer of the ransomware expects from you. The message in this file informs you that you need to pay a ransom of 30 USD to a certain account. Saraswati Ransomware, JohnyCryptor Ransomware, and other infamous infections might be asking for bigger ransom payments, but that does not mean that they are more malicious. After all, there are no guarantees that your files would be released, no matter how much money you give up. Our researchers have found that the scary Hacked_Read_me_to_decrypt_files.Html file is copied to all directories containing encrypted files. The main location, however, is %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup, a directory that also contains one of the two copies of the malicious ransomware file. The other one is located in %APPDATA%\Windows.

If you remove BlackShades Crypter Ransomware files, you might lose the option to pay the ransom. YourID.txt and Ваш идентификатор are two identical files that warn you not to remove them if you want to proceed with the decryption of your personal files. Both of them include the so-called ID (a monstrous combination of letters and numbers) that cyber criminals identify you by. If you lose this ID, it is unlikely that you will be able to decrypt your files, which, upon encryption, are given the ".silent" extension. Needless to say, this extension helps identify the files struck by this devious ransomware. Have you tried removing this extension from your files? Do not bother with this, as this will not help you. Removing the ransomware has the same effect. Nevertheless, it is crucial to get rid of this threat as soon as possible.

How to delete BlackShades Crypter Ransomware

You need to figure out what you want to do about the file decryption before you remove BlackShades Crypter Ransomware from your computer. If you want to take a risk and pay the ransom, you have to do it now. Of course, this is not what we recommend because it is too risky, and we do not want you to lose your money. If you choose to follow the demands of cyber criminals, do so at your own risk. Now, if you are looking into file decryption tools, do it soon, but be careful so as not to install fake software. Of course, if files are backed up, you can move to the removal of the ransomware without further hesitation. If you are looking for a clean, quick, and effortless removal, install legitimate anti-malware software. If you trust your own skills, use the instructions below. Also, do not hesitate to use the comments section below to ask us questions.

Removal Instructions

  1. Delete the files created by ransomware from your Desktop.
  2. Launch Explorer (tap Win+E).
  3. Enter %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ or %ALLUSERSPROFILE%\Start Menu\Programs (if you use Windows XP).
  4. Delete the Hacked_Read_me_to_decrypt_files.Html file, as well as the malicious .exe file (might have a unique name, such as win.exe).
  5. Enter %APPDATA%\Windows.
  6. Delete the same malicious .exe file you found in the previous directory (e.g., win.exe).
  7. Launch RUN (tap Win+R).
  8. Enter regedit.exe and click OK.
  9. In the Registry Editor, move to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
  10. Right-click and Delete the value called Driver.
  11. Restart the PC and immediately scan your operating system to look for any malicious leftovers.
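
Before deleting anything by hand, the locations from the steps above can be inventoried in one pass. The PowerShell below is an added example, not part of the original instructions: it only reads and reports. The variable names, the Add-Finding helper, and the choice to scan the whole user profile for ".silent" files are assumptions, and the Windows XP path from step 3 is not covered.

```powershell
# Read-only audit: lists the artifacts named in the removal steps, deletes nothing.
$noteNames = @('Hacked_Read_me_to_decrypt_files.Html', 'YourID.txt')
$startup   = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
$appWin    = Join-Path $env:APPDATA 'Windows'
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Kind, [string]$Path, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Path = $Path; Detail = $Detail })
}

# Steps 3-6: the ransom note and any .exe in the two directories the page names.
foreach ($dir in @($startup, $appWin)) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $noteNames -contains $_.Name -or $_.Extension -eq '.exe' } |
        ForEach-Object {
            # The hash is recorded so the file can be identified after it is removed.
            $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            Add-Finding 'File' $_.FullName "SHA256=$($h.Hash)"
        }
}

# Steps 9-10: the autorun value called Driver under the current user's Run key.
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['Driver']) {
    Add-Finding 'RunValue' "$runKey\Driver" "Data=$($run.Driver)"
}

# Scope check: directories holding .silent files or copies of the note
# (assumption: the user profile is the tree worth scanning).
Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.silent' -or $noteNames -contains $_.Name } |
    Group-Object DirectoryName |
    ForEach-Object { Add-Finding 'Directory' $_.Name "$($_.Count) encrypted or note file(s)" }

if ($findings.Count -eq 0) {
    'No listed artifacts found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Because the malicious .exe can carry a unique name, every executable reported in the two directories needs a manual look; a legitimate program placed in Startup will also be listed.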