
BlackFeather Ransomware

Posted: September 17, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 75
First Seen: September 17, 2016
OS(es) Affected: Windows


The Black Feather Ransomware is a Trojan that encrypts your files and then displays a text message demanding a ransom for a decryption solution. Since malware experts can verify that the Black Feather Ransomware takes no steps to preserve the decryption data it would need, you should ignore its requests for payment and use other methods of data restoration. Whether or not your files are recoverable, use appropriate anti-malware products to uninstall the Black Feather Ransomware and stop any possibility of subsequent attacks.

A Drifting Feather from an Open-Source Problem

Coding your software independently is often the most secure way to design any program, including threatening ones. However, there are clear shifts in the threat industry towards using 'templates' based on older works to create new ones, with con artists seemingly valuing their time over their products' security. The Black Feather Ransomware is a new example of a derivative threat and owes most of its code to Utku Sen's Hidden Tear.

The Black Feather Ransomware may use distribution means such as e-mail attachments, with its Trojan droppers disguising themselves as Adobe PDF documents. Launching the 'document' generates a generic error that implies that the contents have been damaged while it secretly installs the Black Feather Ransomware. As is par for the course with threats of this category, the Black Feather Ransomware shows no symptoms while it encrypts your files, blocking them with an AES-based cipher.

However, the Black Feather Ransomware does load its ransom message automatically afterward. The text claims that making a 0.3 Bitcoin payment (approximately 180 USD) will provide a decryption solution that restores your files to normal. Malware experts were able to verify that the Black Feather Ransomware neither saves the decryption key required for decrypting your data nor transfers it to a server from which con artists could deliver it back to the victim. As a result, and despite its instructions, the Black Feather Ransomware has no built-in decryption method.

Sending a Trojan Flying from Your Files

It's not unusual for data-encrypting Trojans to include misleading or false information in their extortion messages, such as exaggerating the strength of their encryption algorithms. Recurring cases like the Black Feather Ransomware make the point that paying con artists in the hope that they'll restore your data is, at best, a highly risky proposition. PC users without other options, such as restoring their content from backups, should ask for help in the PC security sector. Many families of Trojans in the Black Feather Ransomware's category do have decryptors available to the general public at no charge.

You can identify Black Feather Ransomware infections by the extension it appends to its encrypted files ('.blackfeather') along with the previously-mentioned ransom text. Using your anti-malware products to detect harmful installers or remove the Black Feather Ransomware before its encryption routine completes can protect PC users who feel the need to open PDF documents from unusual sources. Readers should remain cautious of fake invoices, failed delivery notifications and other disguises that are typical of many ransom-based threat campaigns.
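The '.blackfeather' extension is the only file-level indicator this page gives, and it is enough for a responder to inventory which files were touched before restoring them from backup. The following script is an added illustration of that triage step; it is not code from the original page or from any vendor's product. It assumes the Trojan simply appends the extension to the original file name (as the page describes), and the sample file names it creates in a temporary directory are constructed for the example.

```python
"""Defender-side triage for a '.blackfeather' incident: find renamed files,
recover their original names, and group them by original file type so a
responder can see what was hit before restoring from backup.

Added example; not part of the original page or any vendor tool.
Sample file names below are constructed for this illustration.
"""
import os
import tempfile
from collections import Counter
from typing import Dict, Iterable, List

# Extension the page reports the Trojan appends to encrypted files.
ENCRYPTED_EXT = ".blackfeather"


def find_encrypted(paths: Iterable[str]) -> List[str]:
    """Return, sorted, every path whose final extension is the ransomware marker."""
    return sorted(p for p in paths if p.lower().endswith(ENCRYPTED_EXT))


def original_name(path: str) -> str:
    """Strip the appended marker to recover the file's pre-encryption name.
    Paths without the marker are returned unchanged."""
    if path.lower().endswith(ENCRYPTED_EXT):
        return path[: -len(ENCRYPTED_EXT)]
    return path


def summarize(paths: Iterable[str]) -> Dict[str, object]:
    """Count encrypted files and bucket them by their original extension,
    which tells a responder which data types (documents, images, ...) were hit."""
    hits = find_encrypted(paths)
    by_type = Counter(
        os.path.splitext(original_name(h))[1].lower() or "(none)" for h in hits
    )
    return {"encrypted": hits, "count": len(hits), "by_original_ext": dict(by_type)}


def scan_tree(root: str) -> Dict[str, object]:
    """Walk a directory tree and summarize the encrypted files found in it."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            found.append(os.path.join(dirpath, name))
    return summarize(found)


if __name__ == "__main__":
    # Constructed demo tree: two renamed files and one untouched file.
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("report.docx.blackfeather", "photo.jpg.blackfeather", "notes.txt"):
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(b"placeholder")  # contents are irrelevant to the scan
        result = scan_tree(tmp)
        print(f"{result['count']} encrypted file(s): {result['by_original_ext']}")
        for path in result["encrypted"]:
            print(f"  {path}  <- originally {os.path.basename(original_name(path))}")
```

Run it against a copy of the affected volume (or a forensic mount) rather than the live disk, and keep the output as the restore list: every path in `encrypted` maps back to a name you can look up in backups. The extension match is case-insensitive because Windows file systems are, and the scan never opens file contents, so it is safe to run on a machine that has not yet been cleaned.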

The Black Feather Ransomware is also a particularly obvious example of why a victim should consider paying a ransom, if at all, only as a last resort: giving this Trojan's authors your money will put you no closer to saving your files than it would if you had stuffed your wallet into a crow's beak.
