Black Shades ransomware: cheap virus that demands only $30

Computer user looking at Black Shades ransom note

Recently, the Internet community has been attacked by Black Shades ransomware. Most ransomware viruses, which encrypt personal information and urge victims to pay a ransom of several hundred dollars, are greedy; BlackShades Crypter is comparatively modest. Could it be less dangerous?

According to PC security experts, apart from the modest ransom, the BlackShades virus employs a typical strategy. Once it infiltrates the system, it uses the popular RSA-4096 algorithm to encrypt the victim’s files. As reported by Softpedia, this virus is also called the “Silent virus” because it appends a .silent extension to all encrypted files. When the virus succeeds in taking over the computer, it leaves a notification with file recovery instructions written in both English and Russian. As researchers from 2spyware have indicated, victims are encouraged to contact [email protected] and pay a ridiculously small amount of money: $30. It is believed that the virus was released as an experiment before a full-fledged version is published.

Furthermore, the virus includes interesting details in its source code. Text strings in Russian claim that the virus is invincible. Cyber security analysts have also discovered that the source code includes the string “YouTube”. It is likely that this virus may be distributed via YouTube videos promoting new software and games. In contrast to other infamous viruses, BlackShades has also been seen targeting only the local hard disk and specific folders.

Luckily, cyber security specialists have found a flaw in this cheap ransomware. Upon infiltrating the system, the malware checks whether it can access icanhazip.com. If it fails to connect, it crashes and displays a message. If you add the line “127.0.0.1 www.icanhazip.com” to the c:\windows\system32\drivers\etc\hosts file, the query is terminated within your own system and never reaches the Internet. This precaution prevents infection with this threat. However, it does not help when Black Shades is already on the system. The only reliable way to deal with this menace is to install a proper security program. Although the virus has become famous for its cheapness, the damage it inflicts does not differ from that of other highly aggressive ransomware.
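
The hosts-file precaution described above can be checked and applied programmatically. The following is an added example, not code from the original article: the function names are hypothetical, the sample hosts content is constructed, and the code works on the file's text so it can be tested before touching the real file.

```python
LOOPBACK = "127.0.0.1"
HOSTNAME = "www.icanhazip.com"  # the entry given in the article

def parse_line(line):
    """Split a hosts line into (ip, names, comment); ip is None if the line has no mapping."""
    body, sep, comment = line.partition("#")
    fields = body.split()
    if len(fields) < 2:          # blank, comment-only or malformed line
        return None, [], line
    return fields[0], fields[1:], sep + comment

def is_sinkholed(text, name=HOSTNAME, ip=LOOPBACK):
    """True if an active line maps `name` to `ip` and no active line maps it elsewhere."""
    seen = [addr for addr, names, _ in map(parse_line, text.splitlines())
            if addr and name.lower() in [n.lower() for n in names]]
    return bool(seen) and all(addr == ip for addr in seen)

def ensure_sinkhole(text, name=HOSTNAME, ip=LOOPBACK):
    """Return hosts text in which `name` maps only to `ip`, keeping all other entries."""
    out, present = [], False
    for line in text.splitlines():
        addr, names, comment = parse_line(line)
        hit = addr is not None and name.lower() in [n.lower() for n in names]
        if hit and addr == ip:
            present = True       # correct entry already there, keep it
        elif hit:
            # Conflicting mapping: drop only this name, keep the line's other names.
            names = [n for n in names if n.lower() != name.lower()]
            if not names:
                continue
            line = " ".join([addr, *names, comment]).rstrip()
        out.append(line)
    if not present:
        out.append(f"{ip} {name}")
    return "\n".join(out) + "\n"

# Constructed sample: one conflicting entry (hostnames are case-insensitive)
# and one commented-out entry that does not count as active.
SAMPLE = (
    "# constructed sample hosts file\n"
    "127.0.0.1 localhost\n"
    "203.0.113.7 WWW.icanhazip.com other.example # old entry\n"
    "#127.0.0.1 www.icanhazip.com\n"
)

if __name__ == "__main__":
    print("before:", is_sinkholed(SAMPLE))
    print(ensure_sinkhole(SAMPLE))
```

Writing the result back to c:\windows\system32\drivers\etc\hosts requires administrator rights.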