A New Ransomware Dubbed BlackCocaine Uses AES & RSA Encryption Methods

https://gbhackers.com/blackcocaine-ransomware/

Recently, Nucleus Software, an Indian IT company specialising in the banking and financial services sector, suffered a security breach on May 30, 2021, as reported by the cybersecurity researchers at Cyble.

While encrypting the victim's files, the BlackCocaine ransomware decrypts the Windows APIs it needs to enumerate the file system. After completing this phase, it appends the ".BlackCocaine" extension to the filename of each encrypted file.

The researchers have also made a few recommendations, which are listed below:

During the investigation, the security researchers at Cyble found that this attack was carried out by the group behind the BlackCocaine ransomware; the image below shows the BlackCocaine ransomware group's page.

The threat actors wrote this malicious executable in the Go language, and the operators behind the attack compiled the executable on May 29, 2021.

The experts state that Nucleus Software is the first victim of the BlackCocaine ransomware group, and they have also disclosed the group's malicious website:

Nucleus Software has already reported this security breach to the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSEI).

hxxp://blackcocaine[.]top/
This domain was registered by the BlackCocaine ransomware group on May 28, 2021. The security researchers at Cyble discovered the BlackCocaine ransomware sample files during their routine threat-hunting exercises.

The company noted that a leak of financial data is doubtful, as Nucleus Software has confirmed that it does not store any financial information of its customers.


"HOW_TO_RECOVER_FILES.BlackCocaine.txt"
Suggestions.

The BlackCocaine ransomware is one of the more advanced and active malware strains; however, to lock the data and demand a ransom from the victim, BlackCocaine uses the same standard server-side file encryption technique.


After manually extracting the ransomware payload, the researchers concluded that the threat actors used numerous anti-VM and anti-debugging techniques to evade several security analysis tools and make analysis harder.

Moreover, cybersecurity researchers have concluded that the operators behind the BlackCocaine ransomware use the AES and RSA encryption methods in this attack.

After the encryption process completes, the threat actors drop a ransom note on the infected system:

The operators of BlackCocaine ransomware used the MinGW toolchain to compile the ransomware payload, which is a UPX-packed 64-bit Windows executable.
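As an added example (not Cyble's or the article's own code), the following Python triage helper checks a PE file for the two build traits described above, a 64-bit image and the UPX0/UPX1 section names that the UPX packer leaves behind, and reports the compile timestamp; it also flags the on-disk artifacts named earlier in the article, the ".BlackCocaine" extension and the HOW_TO_RECOVER_FILES.BlackCocaine.txt note. The sample PE bytes and file paths are constructed for the demonstration, not taken from the real sample.

```python
"""Static triage for the traits this article attributes to BlackCocaine (added example)."""
import struct
from datetime import datetime, timezone

RANSOM_NOTE = "HOW_TO_RECOVER_FILES.BlackCocaine.txt"
ENCRYPTED_EXT = ".BlackCocaine"
IMAGE_FILE_MACHINE_AMD64 = 0x8664  # COFF machine id for x64 PE images


def triage_pe(data: bytes) -> dict:
    """Parse just enough of a PE header to report architecture, build time
    and section names; UPX-packed binaries keep sections named UPX0/UPX1."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4  # COFF file header follows the PE signature
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    sect_table = coff + 20 + opt_size  # section table follows the optional header
    names = []
    for i in range(nsections):
        raw = data[sect_table + 40 * i: sect_table + 40 * i + 8]
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return {
        "is_64bit": machine == IMAGE_FILE_MACHINE_AMD64,
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d"),
        "sections": names,
        "upx_packed": any(n.startswith("UPX") for n in names),
    }


def build_sample_pe(machine: int, timestamp: int, section_names: list) -> bytes:
    """Construct a minimal header-only PE for testing (constructed, not a real binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after DOS header
    coff = struct.pack("<HHIIIHH", machine, len(section_names), timestamp, 0, 0, 0, 0)
    sections = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections


def ransomware_artifacts(paths: list) -> dict:
    """Flag the on-disk indicators from the article: encrypted-file extension and ransom note."""
    encrypted = [p for p in paths if p.endswith(ENCRYPTED_EXT)]
    notes = [p for p in paths if p.replace("\\", "/").rsplit("/", 1)[-1] == RANSOM_NOTE]
    return {"encrypted_files": len(encrypted), "ransom_notes": len(notes), "hit": bool(encrypted or notes)}
```

The compile date and section check only narrow down candidates; a real sample still needs the shared IoCs and behavioural analysis to confirm.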

To track and block the malware infection, always use the shared IoCs.
Use strong passwords.
Use multi-factor authentication.
Turn on automatic software updates.
Use security tools.
Avoid opening untrusted links and email attachments.
Use the service offered by the AmiBreached.com portal to track your exposure on the dark web.

Technical Analysis.