A New Ransomware Dubbed BlackCocaine Uses AES and RSA Encryption Methods


While encrypting the victim's documents, the BlackCocaine ransomware decrypts the Windows APIs it needs to perform a file system inventory. After finishing this stage, it appends the ".BlackCocaine" extension to the filename of each encrypted file.

Cybersecurity researchers have concluded that the operators behind the BlackCocaine ransomware use AES and RSA encryption in this attack.

The experts state that the first victim of the BlackCocaine ransomware group is Nucleus Software, and they have also exposed the group's malicious website:

During the investigation, the security researchers at Cyble found that this attack was carried out by the group behind the BlackCocaine ransomware; the image below shows the BlackCocaine ransomware group's page.

Technical Analysis

After the encryption procedure completes, the threat actors drop a ransom note on the infected system:

hxxp://blackcocaine[.]top/

The BlackCocaine ransomware group registered the above domain on May 28, 2021. The security researchers at Cyble discovered the BlackCocaine ransomware sample files during their routine threat-hunting exercises.

The experts have offered a few recommendations, which are listed below:

Use the shared IoCs to track and block the malware infection.
Use strong passwords.
Use multi-factor authentication.
Turn on automatic software updates.
Use security tools.
Avoid opening untrusted links and email attachments.
Use the service provided by the AmiBreached.com website to track your exposure on the dark web.

"HOW_TO_RECOVER_FILES.BlackCocaine.txt"

The threat actors wrote this malicious executable in the Go language and compiled it on May 29, 2021.

BlackCocaine is among the active and sophisticated malware strains; however, to lock the data and demand a ransom from the victim, it uses the same standard server-side encryption technique as other ransomware.

After manually unpacking the ransomware payload, the experts concluded that the threat actors used various anti-VM and anti-debugging techniques to evade several security analysis tools and make analysis more complicated.

The company noted that the possibility of financial data leakage is doubtful, as Nucleus Software has confirmed that it does not store any financial data of its customers.

The operators of the BlackCocaine ransomware used the MinGW toolchain to compile the ransomware payload, which is a UPX-packed 64-bit Windows executable.
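The three host-level indicators the article describes (the ".BlackCocaine" extension appended to encrypted files, the "HOW_TO_RECOVER_FILES.BlackCocaine.txt" ransom note, and a UPX-packed PE payload) are easy to sweep for on a suspect machine. The script below is an added example written for this page, not code from Cyble or from the article; it builds a throwaway directory with constructed sample files and walks it. The `UPX!` marker check is a generic packer heuristic (UPX writes that string and its `UPX0`/`UPX1` section names into packed binaries), not a BlackCocaine-specific signature, so treat a hit on it as a lead rather than a verdict.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article: the extension appended to encrypted files
# and the ransom note file name dropped after encryption.
ENCRYPTED_EXT = ".BlackCocaine"
RANSOM_NOTE = "HOW_TO_RECOVER_FILES.BlackCocaine.txt"

# Generic packer heuristic (assumption, not from the article): UPX-packed
# executables carry the "UPX!" marker in their header area. A DOS/PE file
# starts with "MZ".
UPX_MARKER = b"UPX!"
PE_MAGIC = b"MZ"
HEADER_BYTES = 4096  # enough to cover the DOS/PE headers and section table


def scan_tree(root):
    """Walk a directory tree and collect BlackCocaine-style indicators."""
    findings = {"encrypted_files": [], "ransom_notes": [], "upx_packed_pe": []}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if name == RANSOM_NOTE:
                findings["ransom_notes"].append(str(path))
            elif name.endswith(ENCRYPTED_EXT):
                findings["encrypted_files"].append(str(path))
            else:
                # Only inspect file contents for the packer heuristic.
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(HEADER_BYTES)
                except OSError:
                    continue
                if head.startswith(PE_MAGIC) and UPX_MARKER in head:
                    findings["upx_packed_pe"].append(str(path))
    return findings


def summarize(findings):
    """Return a count per indicator class for quick triage output."""
    return {key: len(paths) for key, paths in findings.items()}


def build_sample_tree():
    """Create a constructed directory that mimics an affected host.

    The files are placeholders for the example only; none of them are real
    BlackCocaine artefacts.
    """
    root = Path(tempfile.mkdtemp(prefix="bc_demo_"))
    docs = root / "docs"
    docs.mkdir()
    (docs / "report.docx.BlackCocaine").write_bytes(b"\x00" * 64)
    (docs / RANSOM_NOTE).write_text("constructed placeholder note\n")
    (docs / "clean.txt").write_text("nothing to see here\n")

    # A fake "MZ" header followed by UPX section names and the UPX! marker.
    # It is not an executable; it only carries the bytes the heuristic keys on.
    fake_packed_pe = b"MZ" + b"\x90" * 0x3C + b"UPX0" + b"UPX1" + b"UPX!" + b"\x00" * 32
    tools = root / "tools"
    tools.mkdir()
    (tools / "updater.exe").write_bytes(fake_packed_pe)
    (tools / "notes.bin").write_bytes(b"UPX!")  # no MZ prefix, must not match
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    result = scan_tree(demo_root)
    print(summarize(result))
    for key, paths in result.items():
        for p in paths:
            print(f"{key}: {p}")
```

Run it on a real host by pointing `scan_tree` at the mount point to check instead of `build_sample_tree()`; the ransom note and extension checks are exact matches, so they produce no false positives, while the UPX check should be followed by proper unpacking and hashing against the shared IoCs before any conclusion is drawn.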

Nucleus Software, an Indian IT company focused on the banking and financial services sector, recently suffered a security breach on May 30, 2021, as reported by the cybersecurity researchers at Cyble.

However, Nucleus Software has already notified the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSEI) about this security breach.