Blackshades Ransomware Accepts PayPal Payments For Decryption

Not a week goes by before a new type of ransomware is discovered all of a sudden. One of the recent installments to hit the markets is called Blackshades, and it is openly daring security researchers to best it. However, this is also one of the cheapest strains of ransomware to get rid of.

Do Not Mess With Blackshades Ransomware

As one would come to expect from ransomware these days, the malicious code will encrypt all files on a computer. Software like this does not discriminate between documents, movies, or pictures, and Blackshades is no different in that regard. A special “.Silent” file extension is generated for every file that gets encrypted.

What is rather intriguing is how Blackshades uses a command and control server, something most newer versions of ransomware seemed to shy away from. But that is not all, as the software will try to connect to Google during the encryption process, as well as keep a log of how many files have been encrypted.

But that is not the strangest part about Blackshades. In most cases, ransomware removal is a very costly manner, with prices ranging from US$300 to several thousand dollars. But this particular strain only asks for US$30, which may entice a lot of its victims just to pay the fee and be done with it. A smart strategy, if that is the case.

Moreover, this is one of the very few types of ransomware that accepts payments to be made in either Bitcoin or PayPal. This latter option is of significant interest, as it far from anonymous. But so is Bitcoin, even though very few people seem to realize that. The assailants also use a Proton Mail email address from which they will send decryption instructions.

Security researchers have their work cut out for them as far as Blackshades is concerned, though. Every ransomware leaves explicit messages on a computer. But with this malware, the messages contain hidden notes for researchers, which is putting a lot of them on edge. For the time being, the distribution method of this ransomware remains a mystery, but fake patches and videos are the most plausible source for now.

Source: Threatpost

Images credit 1,2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.