A New Ransomware Dubbed BlackCocaine Uses AES & RSA Encryption Methods

https://gbhackers.com/blackcocaine-ransomware/

After the file encryption procedure completes successfully, the threat actors drop a ransom note on the infected system.

Here, while encrypting the victim files to inventory the file system, the BlackCocaine ransomware decrypts Windows APIs. After completing this stage, it immediately appends the ".BlackCocaine" extension to the filename of each encrypted file.

Cybersecurity researchers have concluded that the operators behind the BlackCocaine ransomware use AES and RSA encryption in this attack.

"HOW_TO_RECOVER_FILES.BlackCocaine.txt"
Suggestions

Technical Analysis

hxxp://blackcocaine[.]top/
On May 28, 2021, this domain name was registered by the BlackCocaine ransomware group. The security experts at Cyble found the BlackCocaine ransomware sample files during their routine exercises.

Recently, Nucleus Software, an Indian IT company that specializes in the Banking and Financial Services sector, suffered a security breach on May 30, 2021, as reported by the cybersecurity specialists at Cyble.

The BlackCocaine ransomware is among the advanced and active malware strains; however, to lock the data and demand a ransom from the victim, BlackCocaine uses the same standard server-side file encryption technique.

The operators of the BlackCocaine ransomware used the MinGW tool to build the ransomware payload file, which is a UPX-packed 64-bit Windows executable.

However, Nucleus Software has already reported this security breach to the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSEI).


The company noted that leakage of financial data is unlikely, as Nucleus Software has confirmed that it does not store any financial data of its customers.

To block the malware and track infection, always use the shared IoCs.
Use strong passwords.
Use multi-factor authentication.
Turn on automatic software updates.
Use security tools.
Avoid opening untrusted links and email attachments.
Use the service offered by the AmiBreached.com portal to track your exposure on the dark web.
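
The two host-side indicators this article names, the ".BlackCocaine" extension and the HOW_TO_RECOVER_FILES.BlackCocaine.txt ransom note, can be swept for during triage to scope which directories were hit and when. The Python sketch below is an added example, not code from Cyble or the original article; the function name `sweep` and the report layout are assumptions.

```python
import os
from datetime import datetime, timezone

# Host-side indicators named in the article, lower-cased for comparison.
ENCRYPTED_SUFFIX = ".blackcocaine"
RANSOM_NOTE = "how_to_recover_files.blackcocaine.txt"


def sweep(root):
    """Walk `root` and summarise BlackCocaine artefacts per directory.

    Returns {directory: {"note": bool, "encrypted": [paths], "first_seen": str or None}}
    for every directory that holds at least one indicator. "first_seen" is the
    earliest modification time (UTC, ISO 8601) among the matching files, a rough
    lower bound for when encryption reached that directory.
    """
    report = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        note, encrypted, mtimes = False, [], []
        for name in filenames:
            lowered = name.lower()  # Windows file names are case-insensitive
            full = os.path.join(dirpath, name)
            if lowered == RANSOM_NOTE:
                note = True
            elif lowered.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(full)
            else:
                continue
            try:
                mtimes.append(os.stat(full).st_mtime)
            except OSError:
                pass  # file vanished or is unreadable; the name hit still counts
        if note or encrypted:
            first_seen = None
            if mtimes:
                first_seen = datetime.fromtimestamp(min(mtimes), timezone.utc).isoformat()
            report[dirpath] = {"note": note, "encrypted": sorted(encrypted),
                               "first_seen": first_seen}
    return report


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for directory, hit in sweep(target).items():
        print(directory, "note" if hit["note"] else "no-note",
              len(hit["encrypted"]), hit["first_seen"])
```

Run it against a mounted image or a read-only copy of the volume so the sweep itself does not alter timestamps on evidence.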

After manually extracting the ransomware payload, the experts concluded that the threat actors used various anti-VM and anti-debugging techniques to evade several security analysis tools and make the analysis more complex.

Here, the experts assert that the first victim of the BlackCocaine ransomware group is Nucleus Software, and they have also revealed the malicious website of the BlackCocaine ransomware group.

During the investigation, the security researchers at Cyble found that this cyber attack was carried out by the group behind the BlackCocaine ransomware, and the image below shows the compromised page of the BlackCocaine ransomware.


The threat actors used the Go language to program this malicious executable, and the operators behind this attack compiled the executable file on May 29, 2021.

The experts have offered a few recommendations.