The analysts state that Nucleus Software is the very first victim of the BlackCocaine ransomware group, and they have also disclosed the group's malicious site:
During the investigation, the security researchers at Cyble found that this attack was carried out by the group behind the BlackCocaine ransomware; the image below shows the group's page.
To block the malware and track infections, always use the shared IoCs.
Use strong passwords.
Use multi-factor authentication.
Turn on automatic software updates.
Use security tools.
Avoid opening untrusted links and e-mail attachments.
Use the service offered by AmiBreached.com to track your exposure on the dark web.
The threat actors used the Go language to write this malicious executable, and the operators behind the attack compiled it on May 29, 2021.
The operators of BlackCocaine ransomware used the MinGW toolchain to compile the ransomware payload, which is a UPX-packed 64-bit Windows executable.
Additionally, the researchers concluded that the operators behind BlackCocaine use a combination of AES and RSA encryption in this attack.
Before encrypting the victim's files, BlackCocaine decrypts the Windows API strings it needs to carry out its file system inventory. Once that phase is complete, it appends the ".BlackCocaine" extension to the name of every encrypted file.
After the file encryption completes, the threat actors drop a ransom note on the infected system:
The experts have offered a few recommendations, listed below:
hxxp://blackcocaine[.]top/ (defanged)
The BlackCocaine ransomware group registered the above-mentioned domain on May 28, 2021. Cyble's researchers discovered the BlackCocaine ransomware samples during their routine exercises.
Nucleus Software has already reported this security breach to the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSEI).
BlackCocaine is among the more sophisticated and active ransomware strains; however, to lock data and demand a ransom from the victim, BlackCocaine uses the same standard server-side encryption approach.
The company noted that the likelihood of financial data leakage is doubtful, as Nucleus Software has confirmed that it does not store any financial data of its clients.
Recently, Nucleus Software, an Indian IT company focused on the banking and financial services sector, suffered a security breach on May 30, 2021, as reported by the cybersecurity researchers at Cyble.
After manually extracting the ransomware payload, the researchers concluded that the threat actors used several anti-VM and anti-debugging techniques to evade security analysis tools and make analysis harder.
"HOW_TO_RECOVER_FILES.BlackCocaine.txt"
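The file-system artifacts the report describes (the ".BlackCocaine" extension, the ransom-note file name, and a UPX-packed executable) are the kind of thing an incident responder checks for on a suspect host. The following triage helper is an added example written for this page, not code from Cyble or from the article; it assumes the default UPX section names (UPX0/UPX1) survive, which an operator can change, and it builds a constructed, minimal PE-shaped byte string for its own self-test.

```python
import struct
from pathlib import Path

# File-system artifacts the report describes: extension and ransom-note name.
ENCRYPTED_EXT = ".BlackCocaine"
RANSOM_NOTE = "HOW_TO_RECOVER_FILES.BlackCocaine.txt"

def pe_section_names(data: bytes) -> list:
    """Parse the PE section table; return [] when data is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size  # section headers are 40 bytes each
    names = [data[table + i * 40:table + i * 40 + 8] for i in range(num_sections)]
    return [n.rstrip(b"\0").decode("ascii", "replace") for n in names if n]

def looks_upx_packed(data: bytes) -> bool:
    """UPX keeps its UPX0/UPX1 section names unless the operator renamed them (assumption)."""
    return any(n.startswith("UPX") for n in pe_section_names(data))

def classify_name(name: str) -> str:
    """Label a file name as 'note', 'encrypted' or 'other'."""
    if name == RANSOM_NOTE:
        return "note"
    return "encrypted" if name.endswith(ENCRYPTED_EXT) else "other"

def triage(root: str) -> dict:
    """Count the report's artifacts under root and flag UPX-packed .exe files."""
    found = {"encrypted": 0, "notes": [], "upx_packed": []}
    for p in (p for p in Path(root).rglob("*") if p.is_file()):
        label = classify_name(p.name)
        if label == "encrypted":
            found["encrypted"] += 1
        elif label == "note":
            found["notes"].append(str(p))
        elif p.suffix.lower() == ".exe" and looks_upx_packed(p.read_bytes()):
            found["upx_packed"].append(str(p))
    return found

def build_fake_pe(section_names) -> bytes:
    """Constructed, minimal PE-shaped bytes (not a real program) for self-tests."""
    hdr = bytearray(b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40))  # e_lfanew -> 0x40
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, 0, 0)
    for name in section_names:
        hdr += name.encode("ascii").ljust(8, b"\0") + b"\0" * 32
    return bytes(hdr)
```

Run `triage("/path/to/suspect/share")` on a mounted image or host to get counts of encrypted files, ransom-note locations and packed executables worth pulling for analysis.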