Remove Blackzd Ransomware and Restore Renamed Files - How to, Technology and PC Security Forum | SensorsTechForum.com

Remove Blackzd Ransomware and Restore Renamed Files

This article aims to help you remove the Blackzd ransomware virus and then show you how to restore renamed files encrypted by this ransomware virus.

A new ransomware virus, that renames the files on the computers infected by it has been reported by malware researchers. The infection, called Blackzd aims to perform numerous modifications on the computers of victims, among which is to drop it’s distinctive ransom note on the victims’ computers,
named README_{RANDOM}.txt, which aims to get users to write to the e-mail [email protected] or [email protected] The ransomware infecion’s end goal is to get victims to pay a hefty sum to the cyber-criminals and they threaten to destroy the data in 72 hours If a payoff has not yet been made.

Threat Summary

NameBlackzd
TypeRansomware, Cryptovirus
Short DescriptionEncrypts the files on the computers that have been infected by it after which gets victims to pay a hefty ransom fee in order to decrypt them.
SymptomsThe files on the infected computer are renamed with random names and the virus leaves behind a README_{random}.txt ransom note with demands to contact the crooks via e-mail.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by Blackzd

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Blackzd.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Blackzd Ransomware – How Did I Get Infected

Among the primary methods of infection, the Blackzd ransomware uses is the malspam. This is essentially the massive spam of e-mails to the addresses of the victims with a pretext that the messages sent are legitimate and they have an important e-mail attachment that has to be opened. This very attachment may be a loader or a dropper or any other infection malware which may download the malicious payload of Blackzd Ransomware on your computer system.

Other methods of infection include uploading the malicious files of Blackzd ransomware as fake setups, game cracks, key generators or any other executable files that may look legitimate and fool the victim, they are such.

Inspection of Blackzd Ransomware

The Blackzd ransomware is your typical ransom malware. The virus causes an infection to your computer after which drops it’s malicious files on it. These malicious files consist of the main executable of Blackzd ransomware as well as several support files, all of which may be located in the following Windows directories:

  • %AppData%
  • %Roaming%
  • %Local%
  • %LocalLow%
  • %Temp%
  • %SystemDrive%

After the virus drops it’s files, Blackzd ransomware may begin to interfere with the Windows processes, gaining itself administrative privileges which are later used to encrypt the files on your computer. The virus may also modify the Windows Registry Editor, attacking the following registry sub-keys which make it possible for Blackzd to run on Windows boot:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

After adding value strings in those registry sub-keys the Blackzd ransomware virus may also delete the shadow-volume copies of the infected computer. This is achieved by running the following commands in a hidden manner, without you noticing it:

→ process call create “cmd.exe /c
vssadmin.exe delete shadows /all /quiet
bcdedit.exe /set {default} recoveryenabled no
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures

After doing so, the Blackzd ransomware may begin encrypting your important files and drop it’s ransom note file, which is named README_{random}_{random}.txt and has the following message:

Your files have been encrypted!
{Unique Key}
Download video decryption: https://www.screencast.com/t/DTQwRyaM

To decrypt your files, write to email: [email protected] or [email protected] net
In the letter, send your personal Id and 2 small encrypted files for trialdecryption.

If you dont get answer from [email protected] or [email protected]et in 72 hours,
you need to install tor browser, you can download it here:
https://www.torproject.org/download/download.html.en

After installation, open the tor browser to website:
http://maithor22yjdctd.onion/register.php
Register on the site a new email address and write to us with his letter to our
address: [email protected]
Do not try restore files without our help, this is useless, and can destroy you data permanetly.
However, the files can be recovered even after the removal of our program and even
after reinstalling the operating system.

The Encryption of Blackzd Ransomware

In order to encrypt your files, the Blackzd ransomware virus may use different types of encryption algorithms. Their primary goal is to make it possible for the files to be no longer openable, but also so that a unique key is generated which can unlock those files with the proper software. Naturally, this software is only available to the cyber-criminals, which is the main reason why they ask money for it. The Blackzd ransomware is very careful to not encrypt important Windows files, since it may damage your operating system. The virus however may encrypt files on your computer that may be important to your, for example:

  • Documents.
  • Pictures.
  • Videos.
  • Music files.
  • Archived files.
  • Others.

After doing so, Blackzd ransomware may completely rename those files, which results in them having random names, like the following:

Usually the first couple of symbols and letters are the same for each file, but the second part of the name is random for each single file.

Remove Blackzd Ransomware and Restore Renamed Files

Before beginning the removal process of Blackzd ransomware virus, we strongly suggest that you backup your encrypted files before the removal process begins. Then, it is suggestible to remove Blackzd’s malicious files from your computer preferably by following the instructions below. They are specifically designed so that you go through a smooth removal process. If manual instructions fail to remove the threat or you feel uncertain that you will be able to handle this virus manually, experts always advise to choose an advanced ransomware-specific removal tool. Such will ensure that Blackzd ransomware is fully deleted and your computer is protected in the future as well.

If restoring your files is your main concern, do not pay the ransom and save your files – a decrypter may be released in the future which could help you restore your encrypted files for free. In the meantime, you can try our alternative methods for file recovery from step “2. Restore files encrypted by Blackzd” below. They may not be 100% guarantee that you will recover your files, but may restore some of your files, depending on how they are encrypted.

Manually delete Blackzd from your computer

Note! Substantial notification about the Blackzd threat: Manual removal of Blackzd requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Blackzd files and objects
2.Find malicious files created by Blackzd on your PC

Automatically remove Blackzd by downloading an advanced anti-malware program

1. Remove Blackzd with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by Blackzd
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...