We believe bundling AnyDesk with the ransomware might be an evasion tactic. When it has accomplished its encryption routine, RANSOM_BLACKHEART will then drop a ransom note, in which the attackers demand $50 or 0.006164 BTC for decryption, in the following locations: BlackRouter extension to the affected file. ![]() Once it has found and encrypted a file, it will append the. ![]() It will search out and encrypts all files with these extensions in the following folders: Based on our analysis, we can determine that it's a fairly common ransomware, with a routine that encrypts a variety of files that use different extensions as part of its routine. The second file is the actual ransomware.
0 Comments
Leave a Reply. |