BlackHeart is a dangerous ransomware that belongs to the MedusaLocker family. Upon infection, BlackHeart encrypts files and appends the “.blackheart138” extension, making them inaccessible to the victim. This type of ransomware is designed to extort money from individuals or organizations by encrypting their valuable data and demanding a ransom in exchange for the decryption key. The threat is typically delivered through malicious email attachments, compromised websites, or infected software downloads.
Threat Summary
| Attribute | Details |
|---|---|
| Threat Name | BlackHeart ransomware |
| Threat Type | Ransomware, Crypto Virus, File Locker |
| Encrypted Files Extension | .blackheart138 |
| Ransom Note File Name | read_this_to_decrypt_files.html |
| Associated Email Addresses | support1@contonta.com, support2@cavopo.com |
| Detection Names | Avast (Win64:RansomX-gen), ESET-NOD32 (Variant of Win64/Filecoder.MedusaLocker.A), Kaspersky (HEUR: Trojan-Ransom.Win32.Generic), Microsoft (Ransom: Win64/MedusaLocker) |
| Symptoms of Infection | Files cannot be opened, files renamed with “.blackheart138” extension, ransom note displayed |
| Damage | All files encrypted, no access without paying ransom, possible installation of additional malware |
| Distribution Methods | Malicious email attachments, compromised websites, torrent websites, infected USB drives, malicious ads |
| Danger Level | High, due to encryption of important files and potential data leaks |
What Is BlackHeart Ransomware?
BlackHeart ransomware is part of the MedusaLocker family, which is notorious for encrypting files and demanding a ransom from the victim to provide the decryption key. Upon execution, BlackHeart encrypts the victim's files, appending the ".blackheart138" extension to them. For example, "1.jpg" becomes "1.jpg.blackheart138," rendering the files inaccessible.
In addition to encrypting files, BlackHeart drops a ransom note called "read_this_to_decrypt_files.html." This note outlines the ransom demand and provides instructions for the victim on how to make payment and recover their files.
BlackHeart Ransom Note - Full Text
The ransom note left by the BlackHeart ransomware threat reads:
Your personal ID:
-
/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!
Your files are safe! Only modified. (RSA+AES)
ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.
No software available on internet can help you. We are the only ones able to
solve your problem.
We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..
We only seek money and our goal is not to damage your reputation or prevent
your business from running.
You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.
Contact us for price and get decryption software.
email:
support1@contonta.com
support2@cavopo.com
* To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.
* Tor-chat to always be in touch:As seen in the ransom note, the attackers demand payment in exchange for the decryption key. They also threaten to release sensitive data if the victim refuses to pay, adding an element of extortion to their demands.
Symptoms of BlackHeart Ransomware Infection
When BlackHeart infects a system, it encrypts files and changes their extensions to .blackheart138. This is one of the first signs that a system has been compromised. Victims will also notice that they can no longer access their files and may see the ransom note displayed on their desktop or in the file system.
Key Symptoms
- Files become inaccessible with the new extension, such as "1.jpg.blackheart138".
- A ransom note titled "read_this_to_decrypt_files.html" appears on the victim's desktop.
- The ransomware may display a message demanding payment to unlock files.
- Possible installation of additional malware such as password-stealing trojans or information theft tools.
How BlackHeart Ransomware Is Delivered
BlackHeart ransomware is commonly spread through various methods:
- Infected Email Attachments – Cybercriminals often send phishing emails with malicious attachments, such as Word documents or executable files, that contain the ransomware payload.
- Compromised Websites – Ransomware can be downloaded by visiting compromised or malicious websites that exploit vulnerabilities in outdated software.
- Malicious Ads and Torrent Sites – Users may unknowingly download BlackHeart from malicious ads or pirated software from torrent websites.
- Infected USB Drives – The ransomware can also spread through USB drives that are already infected.
How to Remove BlackHeart Ransomware with SpyHunter
To remove BlackHeart ransomware from your system, follow the steps below using SpyHunter, a reputable anti-malware tool:
- Download and Install SpyHunter: Once downloaded, install the program.
- Run a Full System Scan: Launch SpyHunter and select the "Full System Scan" option to scan for BlackHeart ransomware and other potential threats.
- Remove Detected Threats: Once the scan is complete, SpyHunter will display a list of all detected threats, including BlackHeart. Select "Remove" to eliminate the ransomware from your system.
- Restart Your Computer: After removing the ransomware, restart your computer to ensure all changes take effect.
- Backup Your Files: If you have backups of your files, you can restore them once your system is clean.
Preventive Measures Against BlackHeart and Other Ransomware
- Keep Software Up-to-Date: Regularly update your operating system and software to close vulnerabilities that cybercriminals may exploit.
- Use Reputable Security Software: Install and maintain reliable antivirus software like SpyHunter to protect against malware.
- Backup Your Data Regularly: Keep backups of your critical files in an external location or cloud storage to ensure data is recoverable in the event of an attack.
- Be Cautious with Email Attachments: Do not open attachments or click on links in unsolicited emails, especially from unknown senders.
- Avoid Malicious Websites and Ads: Do not visit untrusted websites, and avoid clicking on pop-ups or ads that may contain malware.
- Disable Macros in Office Documents: Many ransomware infections are spread through malicious macros embedded in documents. Disable macros unless absolutely necessary.
- Use Strong Passwords and Multi-Factor Authentication: Secure your devices with strong passwords and enable multi-factor authentication wherever possible to prevent unauthorized access.
Conclusion
BlackHeart ransomware is a serious threat that can cause significant damage to individuals and organizations by encrypting valuable files and demanding a ransom for their release. It is crucial to follow the recommended steps for removing BlackHeart, using SpyHunter, and employing preventive methods to avoid falling victim to future ransomware attacks.
If you have been infected by BlackHeart, do not attempt to pay the ransom. Instead, focus on removing the ransomware from your system, restoring from backups if available, and implementing strong security measures going forward.
