A New Ransomware Dubbed BlackCocaine Uses AES & RSA Encryption Methods

https://gbhackers.com/blackcocaine-ransomware/

While the threat actors used the Go language to program this malicious executable, the operators behind this attack compiled the executable file on May 29, 2021.

The operators of the BlackCocaine ransomware used the MinGW tool to compile the ransomware payload, which is a UPX-packed 64-bit Windows executable file.

Recently, Nucleus Software, an Indian IT company focused on the Banking and Financial Services sector, suffered a security breach on May 30, 2021, as reported by the cybersecurity professionals at Cyble.

Cybersecurity researchers have concluded that the operators behind the BlackCocaine ransomware use AES and RSA encryption methods in this attack.

The company noted that a leak of financial information is doubtful, as Nucleus Software has confirmed that it does not keep any financial data of its clients.

After manually extracting the ransomware payload, the experts concluded that the threat actors used numerous anti-VM and anti-debugging techniques to evade a number of security analysis tools and make it more complex.

Nucleus Software has reported this security breach to the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSEI).

hxxp://blackcocaine[.]top/
On May 28, 2021, the above-mentioned domain was registered by the BlackCocaine ransomware group. The security experts at Cyble found the BlackCocaine ransomware sample files during their routine exercises.

After successfully encrypting the files, the threat actors drop a ransom note on the infected system.

During the investigation, the security researchers at Cyble found that this cyber attack was carried out by the group behind the BlackCocaine ransomware, and the image below shows the compromised page of the BlackCocaine ransomware.

Always use the shared IoCs to block the malware and track infection.
Use strong passwords.
Use multi-factor authentication.
Turn on automatic software updates.
Use security tools.
Avoid opening untrusted links and email attachments.
Use the service provided by the AmiBreached.com portal to track your exposure in the Darkweb.

Technical Analysis

Ransom note file name: “HOW_TO_RECOVER_FILES.BlackCocaine.txt”

Recommendations

While encrypting the victim's files, the BlackCocaine ransomware decrypts Windows APIs to perform file system enumeration. After completing this phase, it immediately appends the “.BlackCocaine” extension to the filename of each encrypted file.
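As an added example (not part of the original article or of Cyble's analysis), the following Python script sweeps a directory tree for the two file-name indicators given in this article, the “.BlackCocaine” extension and the ransom note name, and summarises the hits per directory. The function names and the case-insensitive matching are assumptions made for illustration.

```python
import os
import sys
from collections import defaultdict
from datetime import datetime, timezone

# File-name indicators taken from the article; compared case-insensitively
# (an assumption, since Windows file names are case-insensitive).
ENCRYPTED_EXT = ".blackcocaine"
RANSOM_NOTE = "how_to_recover_files.blackcocaine.txt"

def sweep(root):
    """Return {directory: {"encrypted", "notes", "first_seen"}} for hits under root."""
    hits = defaultdict(lambda: {"encrypted": 0, "notes": 0, "first_seen": None})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                kind = "notes"
            elif lower.endswith(ENCRYPTED_EXT):
                kind = "encrypted"
            else:
                continue
            entry = hits[dirpath]
            entry[kind] += 1
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable or already gone: counted, but no timestamp
            if entry["first_seen"] is None or mtime < entry["first_seen"]:
                entry["first_seen"] = mtime
    return dict(hits)

def earliest_activity(hits):
    """Oldest modification time among all hits, as a UTC datetime (None if no hits)."""
    times = [h["first_seen"] for h in hits.values() if h["first_seen"] is not None]
    return datetime.fromtimestamp(min(times), tz=timezone.utc) if times else None

if __name__ == "__main__":
    results = sweep(sys.argv[1] if len(sys.argv) > 1 else ".")
    for directory, info in sorted(results.items()):
        print(f"{directory}: {info['encrypted']} encrypted file(s), "
              f"{info['notes']} ransom note(s)")
    print("Earliest indicator timestamp (UTC):", earliest_activity(results))
```

The earliest modification time only approximates when encryption began in a directory; treat it as a starting point for timeline work, not as proof.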

Here, the analysts assert that Nucleus Software is the first victim of the BlackCocaine ransomware group, and they have also disclosed the group's malicious site.

The experts have offered a few recommendations.

The BlackCocaine ransomware is one of the sophisticated and active malware strains; however, to lock the data and demand a ransom from the victim, BlackCocaine uses the same standard server-side file encryption method.