A New Ransomware Dubbed BlackCocaine Uses AES & RSA Encryption Methods


Recently, Nucleus Software, an Indian IT company focused on the Banking and Financial Services sector, suffered a security breach on May 30, 2021, as reported by the cybersecurity researchers at Cyble.

During the investigation, the security researchers at Cyble found that this attack was carried out by the group behind the BlackCocaine ransomware; the image below shows the compromised page on the BlackCocaine ransomware site.

Nucleus Software has already reported this security breach to the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSEI).

The company noted that leakage of financial data is doubtful, as Nucleus Software has verified that it does not store any financial information of its clients.

The researchers assert that Nucleus Software is the first victim of the BlackCocaine ransomware group, and they have also revealed the group's malicious site:

hxxp://blackcocaine[.]top/

The above domain was registered by the BlackCocaine ransomware group on May 28, 2021. The security researchers at Cyble found the BlackCocaine ransomware sample files during their routine exercises.

Technical Analysis

The threat actors used the Go language to build this malicious executable, and the operators behind the attack compiled the executable file on May 29, 2021.

The operators of the BlackCocaine ransomware used the MinGW toolchain to compile the ransomware payload, which is a UPX-packed 64-bit Windows executable.

After manually unpacking the ransomware payload, the researchers concluded that the threat actors used various anti-VM and anti-debugging techniques to evade security analysis tools and complicate analysis.

The BlackCocaine ransomware is among the advanced and active malware strains, but to lock the data and demand a ransom from the victim it relies on the same standard file encryption technique as other ransomware families.

Cybersecurity researchers have concluded that the operators behind the BlackCocaine ransomware use the AES and RSA encryption methods in this attack.

To perform the file system inventory and encrypt the victim's files, the BlackCocaine ransomware decrypts the Windows APIs it uses. After completing this stage, it appends the ".BlackCocaine" extension to the filename of each encrypted file.

After the encryption process completes, the threat actors drop a ransom note on the infected system:

"HOW_TO_RECOVER_FILES.BlackCocaine.txt"

The researchers have also offered a few recommendations, listed below:

Always use the shared IoCs to track and block the malware infection.
Use strong passwords.
Use multi-factor authentication.
Turn on automatic software updates.
Use security tools.
Avoid opening untrusted links and email attachments.
Use the service provided by the AmiBreached.com website to track your exposure on the dark web.
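As an added example (not code from the article, from Cyble, or from the ransomware itself), the following Python script turns the two host-level indicators the article reports, the appended ".BlackCocaine" extension and the "HOW_TO_RECOVER_FILES.BlackCocaine.txt" note, into a triage scan over a file tree, and adds a minimal PE section-table parser to flag a Windows executable that carries UPX's default section names (UPX0/UPX1). The UPX section-name check is an assumption about how a UPX-packed binary typically looks, not something the article states, and both the sample directory tree and the tiny PE image are constructed inside the script so it runs offline.

```python
"""Host triage helpers for a BlackCocaine-style infection (added example)."""
import os
import struct
import tempfile
from pathlib import Path

# Indicators taken from the article.
ENCRYPTED_EXT = ".BlackCocaine"
RANSOM_NOTE = "HOW_TO_RECOVER_FILES.BlackCocaine.txt"
# Assumption: default section names emitted by the UPX packer (not from the article).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def scan_tree(root):
    """Walk a directory tree and collect encrypted files and ransom notes."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == RANSOM_NOTE:
                notes.append(path)
            elif name.endswith(ENCRYPTED_EXT):
                encrypted.append(path)
    return {"encrypted": sorted(encrypted), "notes": sorted(notes)}


def triage(root):
    """Scan a tree and add a simple verdict: note present AND encrypted files present."""
    found = scan_tree(root)
    found["likely_infected"] = bool(found["notes"]) and bool(found["encrypted"])
    return found


def pe_section_names(data):
    """Return the section names of a PE image, or [] if the bytes are not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                         # COFF file header (20 bytes)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            break
        names.append(raw.rstrip(b"\0"))
    return names


def looks_upx_packed(data):
    """True if any section name matches the default UPX names (a heuristic, not proof)."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_fake_pe(section_names):
    """Constructed minimal PE header for testing; it is not a runnable executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)     # e_lfanew points right after the DOS header
    # Machine=AMD64, NumberOfSections, timestamp, symtab ptr, nsyms, SizeOfOptionalHeader=0, flags
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(n.ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections


def make_sample_tree():
    """Constructed sample victim directory: two encrypted files, two notes, one clean file."""
    root = tempfile.mkdtemp(prefix="bc_demo_")
    os.makedirs(os.path.join(root, "Documents"))
    for rel in ("report.xlsx" + ENCRYPTED_EXT, "readme.txt", RANSOM_NOTE,
                os.path.join("Documents", "photo.jpg" + ENCRYPTED_EXT),
                os.path.join("Documents", RANSOM_NOTE)):
        Path(root, rel).write_bytes(b"constructed sample content")
    return root


if __name__ == "__main__":
    result = triage(make_sample_tree())
    print("encrypted files:", len(result["encrypted"]))
    print("ransom notes:   ", len(result["notes"]))
    print("likely infected:", result["likely_infected"])
    print("fake UPX image flagged:", looks_upx_packed(build_fake_pe([b".text", b"UPX0", b"UPX1"])))
```

Point `triage()` at a mounted image or a share to get a quick count of affected files and note locations for the incident timeline; the UPX check is only a first-pass hint, since packers can rename sections and a UPX0 name alone says nothing about what the binary does.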