Black Feather Virus – Remove and Restore .blackfeather Files - How to, Technology and PC Security Forum |

Black Feather Virus – Remove and Restore .blackfeather Files


with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by Black Feather and other threats.
Threats such as Black Feather may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy


A ransomware crypto-virus that calls itself Black Feather was recently found by the malware researcher Michael Gillespie. The virus is based on the popular HiddenTear open-source project and uses the AES encryption algorithm to lock files on a compromised computer. Files get locked with a new extension, namely .blackfeather. To see how to remove this ransomware and a possible solution to decrypt your files, carefully read this article.

Threat Summary

NameBlack Feather
TypeRansomware, Crypto-Virus
Short DescriptionThe ransomware will encrypt your files and demand payment of 0.3 Bitcoins, which is nearly 200 US dollars.
SymptomsThe ransomware will encrypt files with different extensions while appending the .blackfeather extension to them. A ransom note with instructions will be shown adterward.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by Black Feather


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Black Feather.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Black Feather Virus – Infection Tactics

The new variant of the Black Feather ransomware is probably spread in more than one way. Spam emails are the most common way to be used in the delivery of this virus. The spam email has a very brief description that tries to sound urgent. At the end of the message, it prompts people to read the full message from an attached file or open that attachment for whatever reason. For this ransomware, its malicious payload is inside an Adobe PDF file that is attached to the e-mail. Opening it infects your computer system and later encrypts your data.

That file is coded in a clever way to hide its true file type, by displaying and error message:

→There was an error opening this document. The file is damaged and could not be repaired.

Social media sites or file-sharing networks could be used to spread Black Feather, as well. A good tip to avoid infection is to avoid suspicious e-mails, files or links. Always check a file you have downloaded for its signatures and size, plus perform a scan of it with security software. You should read other ransomware prevention tips from our forum.

Black Feather Virus – Closer Inspection

The Black Feather crypto-virus is based on the open-source, HiddenTear project. This ransomware was first discovered by the malware researcher Michael Gillespie.

After the Black Feather ransomware has released its payload file, it possibly creates entries in the Windows Registry, for persistence. Such entries provide an automatic start of the ransomware files with every launch of the Windows operating system. Then it goes to encrypt your files. When all of your data is encrypted, the virus creates the file BLACK_FEATHER.txt. That is the ransom note containing the payment instructions.

The BLACK_FEATHER.txt ransom note file reads the following:

This is a backup of the deposit address.
Send 0.3 BTC to decrypt your files
Validate payment in the program.

Those instructions are left in a file as a backup, but the true instructions show up as a text after the encryption ends. That text is the following:

Welcome to Black Feather.

Thank you for downloading our software.
All of your files have been encrypted with a secure 256-bit HASH.
This means you can no longer access your files without the decryption key.

You can decrypt your files by paying us 0.3 BTC, this will remove the encryption
and give you full access to your files again.

The price that Black Feather ransomware sets is 0,3 Bitcoins which equals to around 185 US dollars from the point of writing this article. You should NOT even think of paying these cybercriminals. They haven’t left any contact, but just an address to the payment system. There is no guarantee that you will receive anything by paying to decrypt your files.

Besides, Michael Gillespie has written that the private key is not sent to any Command and Control servers, so the criminals do not have a way to provide you with it. In other words – you cannot decrypt your data, even if you pay. There might be a decryption method that could work, although your chances might seem slim. Continue to read to see if you can somehow decrypt your files.

Currently, there is no information about what file extension get encrypted by this ransomware, but it is probably the most important files. Those can include pictures, documents, databases, videos, music, etc.

The encrypted files will have a new extension appended to each one of them, which is .blackfeather. The ransomware utilizes the strong AES encryption algorithm. Fear not, as there is a possible solution for decryption available below.

The Black Feather ransomware is very likely to delete the Shadow Volume Copies from the Windows operating system. Continue reading to find out how you can try to decrypt all of your files and bring them back to normal.

Remove Black Feather Virus and Restore .blackfeather Files

If your computer got infected with the Black Feather ransomware virus, you should have some experience in removing malware. You should get rid of this ransomware as fast as possible before it can have the chance of spreading further and infect more PCs. You should remove the ransomware and follow the step-by-step instructions guide given below. To see ways that you can try to recover your data, see the step titled 2. Restore files encrypted by Black Feather.

Note! Your computer system may be affected by Black Feather and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as Black Feather.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove Black Feather follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Black Feather files and objects
2. Find files created by Black Feather on your PC

Before starting the Automatic Removal below, please boot back into Normal mode, in case you are currently in Safe Mode.
This will enable you to install and use SpyHunter 5 successfully.

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Black Feather

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share