A New Ransomware Dubbed BlackCocaine Uses AES & RSA Encryption Methods


The BlackCocaine ransomware decrypts Windows APIs to perform file system enumeration while encrypting the victim's files. After finishing this stage, it automatically appends the ".BlackCocaine" extension to the filename of each encrypted file.

The threat actors wrote this malicious executable in the Go language, and the operators behind this attack compiled the executable file on May 29, 2021.

Cybersecurity researchers have concluded that the operators behind the BlackCocaine ransomware use AES and RSA encryption in this attack.

During the investigation, the security researchers at Cyble found that this cyber attack was carried out by the group behind the BlackCocaine ransomware, and the image below shows the compromised page of the BlackCocaine ransomware.

hxxp:// blackcocaine [] leading/.
On May 28, 2021, the above-mentioned domain was registered by the BlackCocaine ransomware group. The security experts at Cyble found the BlackCocaine ransomware sample files during their routine exercises.

After manually extracting the ransomware payload, the experts concluded that the threat actors used various anti-VM and anti-debugging techniques to evade security analysis tools and make analysis more complicated.

To track and block the malware infection, always use the shared IoCs.
Use strong passwords.
Use multi-factor authentication.
Turn on automatic software updates.
Use security tools.
Avoid opening untrusted links and email attachments.
Use the service provided by the AmiBreached.com portal to monitor your exposure on the dark web.

The experts assert that the first victim of the BlackCocaine ransomware group is Nucleus Software, and they have also revealed the malicious website of the BlackCocaine ransomware group.


"HOW_TO_RECOVER_FILES.BlackCocaine.txt"

Technical Analysis


The operators of the BlackCocaine ransomware used the MinGW tool to compile the ransomware payload, which is a UPX-packed 64-bit Windows executable file.

Nucleus Software has already reported this security breach to the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSEI).

After the encryption process completes successfully, the threat actors drop a ransom note on the infected system.

The BlackCocaine ransomware is among the active and sophisticated malware strains; however, to lock the data and demand a ransom from the victim, BlackCocaine uses the same standard server-side file encryption technique.

Recently, Nucleus Software, an Indian IT company focused on the Banking and Financial Services sector, suffered a security breach on May 30, 2021, as reported by the cybersecurity experts at Cyble.

The company noted that the possibility of a financial data leak is in doubt, as Nucleus Software has confirmed that it does not store any financial data of its customers.

The experts have suggested a few recommendations, which are the ones listed above.