A New Ransomware Dubbed BlackCocaine Uses AES & RSA Encryption Methods


After manually unpacking the ransomware payload, the researchers concluded that the threat actors used several anti-VM and anti-debugging techniques to evade security analysis tools and make analysis harder.

The company noted that a leak of financial data is unlikely, as Nucleus Software has confirmed that it does not store any financial data of its customers.

However, Nucleus Software has already notified the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSEI) about this security breach.

Before encrypting the victim's files, the BlackCocaine ransomware decrypts the Windows API names it needs at runtime and uses them to inventory the file system. Once that stage is complete, it appends the ".BlackCocaine" extension to the filename of each encrypted file.

During the investigation, the security researchers at Cyble found that this attack was carried out by the group behind the BlackCocaine ransomware; the image below shows the page operated by the BlackCocaine ransomware group.

After successful encryption, the threat actors drop a ransom note on the infected system:

BlackCocaine is one of the active and advanced ransomware strains; however, to lock data and demand a ransom from the victim, it uses the same standard server-side encryption approach as other families.

Technical Analysis

The experts have made a few recommendations, listed below:

Recently, Nucleus Software, an Indian IT company focused on the banking and financial services sector, suffered a security breach on May 30, 2021, as reported by the cybersecurity researchers at Cyble.

Use the shared IoCs to track and block the malware infection.
Use strong passwords.
Use multi-factor authentication.
Turn on automatic software updates.
Use security tools.
Avoid opening untrusted links and email attachments.
Use the AmiBreached.com portal to track your exposure on the dark web.

The analysts state that Nucleus Software is the first victim of the BlackCocaine ransomware group, and they have also exposed the group's malicious site:


"HOW_TO_RECOVER_FILES.BlackCocaine.txt"
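The ".BlackCocaine" extension and the ransom note filename reported above are the two host-based indicators a responder can act on immediately, which is also what the "use the shared IoCs" recommendation amounts to in practice. The following scoping helper is an added example, not code from the article, from Cyble or from the malware: it walks a directory tree, counts encrypted files and ransom notes, lists the affected directories, and reports the modification-time window of the encrypted files so the encryption run can be placed on a timeline. The directory layout it builds is constructed sample data; the extension and note name come from the article.

```python
"""Added incident-scoping helper (not from the article or Cyble): walks a tree and
reports BlackCocaine host indicators plus the mtime window of encrypted files."""
import os
import tempfile
from datetime import datetime, timezone

ENCRYPTED_EXT = ".BlackCocaine"                        # extension reported in the article
RANSOM_NOTE = "HOW_TO_RECOVER_FILES.BlackCocaine.txt"  # ransom note name reported in the article


def _utc(ts: float) -> str:
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def scope_encryption(root: str) -> dict:
    """Return counts, affected directories and the encryption time window under root."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == RANSOM_NOTE:
                notes.append(path)
            elif name.endswith(ENCRYPTED_EXT):
                encrypted.append(path)
    mtimes = [os.path.getmtime(p) for p in encrypted]
    # Earliest and latest mtime of encrypted files approximate when the encryptor ran.
    window = (_utc(min(mtimes)), _utc(max(mtimes))) if mtimes else None
    affected_dirs = sorted({os.path.dirname(p) for p in encrypted + notes})
    return {
        "encrypted_count": len(encrypted),
        "note_count": len(notes),
        "affected_dirs": affected_dirs,
        "window": window,
    }


def make_constructed_tree() -> str:
    """Build a throwaway directory (constructed sample data) that mimics a hit host."""
    root = tempfile.mkdtemp(prefix="bc_scope_")
    layout = {
        "Documents/report.docx.BlackCocaine": b"\x00" * 16,
        "Documents/HOW_TO_RECOVER_FILES.BlackCocaine.txt": b"constructed ransom note text",
        "Pictures/holiday.jpg.BlackCocaine": b"\x00" * 16,
        "Pictures/untouched.png": b"\x89PNG",          # not encrypted, must be ignored
        "HOW_TO_RECOVER_FILES.BlackCocaine.txt": b"constructed ransom note text",
    }
    for rel, content in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return root


def run_demo() -> dict:
    """Scope the constructed tree; on a real case call scope_encryption on the host's data roots."""
    return scope_encryption(make_constructed_tree())


if __name__ == "__main__":
    print(run_demo())
```

On a live host the extension match alone can produce false positives only if a user happened to name files that way, so the note filename and the tight mtime window are what turn a single hit into a confirmed scope.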


hxxp://blackcocaine[.]top/
The domain was registered by the BlackCocaine ransomware group on May 28, 2021. The security researchers at Cyble found the BlackCocaine ransomware sample files during their routine threat-hunting exercises.

The operators of BlackCocaine ransomware used the MinGW toolchain to compile the ransomware payload, a UPX-packed 64-bit Windows executable.

The threat actors wrote this malicious executable in the Go language, and it was compiled on May 29, 2021.
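The three facts just stated about the sample (64-bit Windows PE, UPX-packed, compile date) all come straight out of the PE/COFF headers, and confirming them is the first triage step before any unpacking. The following header parser is an added example, not Cyble's analysis code: it reads the DOS stub pointer, the COFF header and the section table, reports the machine type, decodes the `TimeDateStamp`, and flags the `UPX0`/`UPX1` section names that an unmodified UPX packer leaves behind. The sample header it builds is constructed (no real code inside, and the optional header is omitted, which the parser tolerates because it honours `SizeOfOptionalHeader`); the timestamp is a constructed value chosen to fall on the reported compile date.

```python
"""Added PE triage helper (not Cyble's code): reports machine type, compile
timestamp and UPX section names from a sample's PE/COFF headers."""
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_AMD64 = 0x8664   # 64-bit x86 (what the article reports)
IMAGE_FILE_MACHINE_I386 = 0x014C    # 32-bit x86
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}   # names stock UPX writes


def triage_pe(data: bytes) -> dict:
    """Return header facts for first-pass triage; works on a header-only dump too."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return {"is_pe": False}
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)     # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return {"is_pe": False}
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, n_sections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    section_table = coff + 20 + opt_size                  # section headers follow the optional header
    sections = []
    for i in range(n_sections):
        off = section_table + 40 * i                      # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break                                         # truncated dump: stop cleanly
        sections.append(data[off:off + 8].rstrip(b"\0"))
    return {
        "is_pe": True,
        "machine": machine,
        "is_64bit": machine == IMAGE_FILE_MACHINE_AMD64,
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "sections": [s.decode("ascii", "replace") for s in sections],
        "upx_packed": any(s in UPX_SECTION_NAMES for s in sections),
    }


def build_sample_header(machine: int, timestamp: int, section_names: list) -> bytes:
    """Constructed minimal PE header for offline testing (no code, no optional header)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", machine, len(section_names), timestamp, 0, 0, 0, 0x0022)
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + table


# Constructed sample mirroring the article's description: AMD64, UPX sections,
# timestamp 1622246400 = 2021-05-29T00:00:00Z (a constructed value on the reported date).
SAMPLE = build_sample_header(IMAGE_FILE_MACHINE_AMD64, 1622246400, [b"UPX0", b"UPX1", b".rsrc"])

if __name__ == "__main__":
    print(triage_pe(SAMPLE))
```

Two caveats for real samples: packers can rename sections, so an absent `UPX0` does not prove the file is unpacked, and `TimeDateStamp` is attacker-controlled (Go toolchains in particular may write a zero or reproducible value), so treat it as a claim to corroborate with first-seen dates rather than as ground truth.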

The security researchers concluded that the operators behind BlackCocaine use the AES and RSA encryption methods in this attack.