A New Ransomware Dubbed BlackCocaine Uses AES & RSA Encryption Methods


Recently, an Indian IT company specializing in the Banking and Financial Services sector, Nucleus Software, suffered a security breach on May 30, 2021, as reported by the cybersecurity researchers at Cyble.

During the investigation, the security researchers at Cyble discovered that this cyber attack was carried out by the group behind the BlackCocaine ransomware, and in the image below you can see the compromised page of the BlackCocaine ransomware group.

However, Nucleus Software has already reported this security breach to the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSEI).

The company noted that the probability of financial data leakage is doubtful, as Nucleus Software has confirmed that it does not store any financial data of its customers.

Here, the analysts assert that the very first victim of the BlackCocaine ransomware group is Nucleus Software, and they have also revealed the malicious website of the BlackCocaine ransomware group:-

hxxp://blackcocaine[]leading/

On May 28, 2021, this domain name was registered by the BlackCocaine ransomware group. The security researchers at Cyble discovered the BlackCocaine ransomware sample files during their routine exercises.

Technical Analysis

The operators of BlackCocaine ransomware used the MinGW toolchain to compile the ransomware payload, which is a UPX-packed 64-bit Windows executable.

The threat actors used the Go language to program this malicious executable, and the operators behind this attack compiled it on May 29, 2021.

After manually unpacking the ransomware payload, the researchers concluded that, to evade a number of security analysis tools and complicate analysis, the threat actors used various anti-VM and anti-debugging techniques.

The BlackCocaine ransomware is one of the active and sophisticated malware strains, but, to lock the data and demand a ransom from the victim, BlackCocaine uses the same standard server-side encryption approach.

Here, while encrypting the victim's files to carry out a file system inventory, the BlackCocaine ransomware decrypts Windows APIs. After finishing this stage, it immediately appends the ".BlackCocaine" extension to the filename of each encrypted file.

Furthermore, cybersecurity researchers have concluded that in this attack the AES and RSA encryption methods are used by the operators behind the BlackCocaine ransomware.

After the successful encryption process, the threat actors drop a ransom note on the infected system:-

"HOW_TO_RECOVER_FILES.BlackCocaine.txt"

The experts have offered a few recommendations, and they are listed below:-

To block the malware and track infections, always use the shared IoCs.
Use strong passwords.
Use multi-factor authentication.
Turn on automatic software updates.
Use security tools.
Avoid opening untrusted links and email attachments.
Use the service provided by the AmiBreached.com website to track your exposure on the Dark Web.
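As an added example (not code from the article or from Cyble's report), the following script turns the two on-disk indicators named above, the ".BlackCocaine" suffix appended to encrypted files and the HOW_TO_RECOVER_FILES.BlackCocaine.txt ransom note, into a simple filesystem sweep a responder can run on a suspect share; the directory tree it scans is constructed inside the script for the demo.

```python
"""Sweep a directory tree for the BlackCocaine on-disk indicators.
Added example, not from the article or Cyble; the sample tree is constructed."""
import os
import tempfile
from dataclasses import dataclass, field

ENCRYPTED_SUFFIX = ".BlackCocaine"                  # appended to each encrypted file
RANSOM_NOTE = "HOW_TO_RECOVER_FILES.BlackCocaine.txt"  # note dropped after encryption


@dataclass
class ScanResult:
    encrypted_files: list = field(default_factory=list)
    ransom_notes: list = field(default_factory=list)

    @property
    def infected(self) -> bool:
        # Either indicator on its own is enough to raise an alert.
        return bool(self.encrypted_files or self.ransom_notes)


def scan_for_blackcocaine(root: str) -> ScanResult:
    """Return every path under `root` that matches either indicator."""
    result = ScanResult()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == RANSOM_NOTE:
                result.ransom_notes.append(path)
            elif name.endswith(ENCRYPTED_SUFFIX):
                result.encrypted_files.append(path)
    return result


def build_sample_tree() -> str:
    """Constructed sample: one clean folder and one hit by the ransomware."""
    root = tempfile.mkdtemp(prefix="bc_demo_")
    os.makedirs(os.path.join(root, "clean"))
    os.makedirs(os.path.join(root, "hit"))
    open(os.path.join(root, "clean", "report.docx"), "w").close()
    open(os.path.join(root, "hit", "ledger.xlsx.BlackCocaine"), "w").close()
    open(os.path.join(root, "hit", "notes.txt.BlackCocaine"), "w").close()
    open(os.path.join(root, "hit", RANSOM_NOTE), "w").close()
    return root


if __name__ == "__main__":
    res = scan_for_blackcocaine(build_sample_tree())
    print("infected:", res.infected, "encrypted files:", len(res.encrypted_files))
```

On a real host, point `scan_for_blackcocaine` at the mounted share or user profile instead of the constructed tree; a hit on the ransom note alone should be treated as an incident even before any renamed files are found.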