BlackJockerCrypter Ransomware
Posted: March 22, 2017
Threat Metric
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 7 |
| First Seen | March 27, 2017 |
| Last Seen | August 17, 2022 |
| OS(es) Affected | Windows |
The BlackJockerCrypter Ransomware is a file-encoding Trojan that encrypts your files and holds them for ransom. Various components of this threat deliberately imitate the Globe Ransomware family, although malware experts find the two Trojans to be unrelated to each other. Anti-malware products may detect this threat and remove the BlackJockerCrypter Ransomware before it encrypts your hard drive, but a complete post-infection recovery may require having an uninfected backup.
A Joker of a Trojan with Another One's Makeup
Threat actors appreciate being able to profit from the work of others in the same industry, and the various campaigns involving file-encrypting Trojans are standing testaments that there's little honor lost between thieves. The latest imitation of another Trojan at work is the BlackJockerCrypter Ransomware, which borrows both the Globe Ransomware's extortion message and its style of renaming the locked files, with some extra changes. Appearances aside, the Trojan is an independent threat, and decryption tools that are functional against the Globe Ransomware are unlikely to be useful against the BlackJockerCrypter Ransomware.
The BlackJockerCrypter Ransomware may encrypt files including Word documents, WinZip archives, Adobe PDF documents, JPG images and other media. All content so encrypted is unreadable until the user decrypts it using the custom key the BlackJockerCrypter Ransomware creates. Malware experts also emphasize that the BlackJockerCrypter Ransomware makes wholesale name changes, wiping the original names and replacing them with a pattern consisting of the threat actor's e-mail address (for ransoming negotiations), a random hexadecimal string, and the '.happydayzz' extension.
The above extension is also characteristic of some versions of the Globe Ransomware, which could cause a victim to identify the infection incorrectly. The BlackJockerCrypter Ransomware completes this illusion with its extortion note, also a misappropriated element from the Globe Ransomware. The HTA file claims that the encryption is the result of a 'security problem with your PC' and asks for a Bitcoin payment to decrypt the locked data.
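An added triage example (not code from this page or from any vendor tool): it scans a file listing for the rename pattern described above and summarises hits by contact address and directory for incident scoping. The exact layout of the new names is not given here, so the either-order matching, the 8-character minimum for the hexadecimal string, and the sample paths are assumptions; because some Globe Ransomware versions use the same extension, a match marks a file as renamed and does not identify the family.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

EXT = ".happydayzz"  # extension named on the page
# Assumptions: hex run of 8+ characters; e-mail and hex may appear in either order.
HEX_RE = re.compile(r"(?<![0-9A-Fa-f])[0-9A-Fa-f]{8,}(?![0-9A-Fa-f])")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed sample listing (not real indicators).
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\contact@example.invalid_3FA9C1D2E4B7.happydayzz",
    r"C:\Users\alice\Documents\contact@example.invalid.0b1c2d3e4f5a.HAPPYDAYZZ",
    r"C:\Users\alice\Pictures\holiday.happydayzz",
    r"C:\Users\alice\Documents\report.docx",
]

def classify(path):
    """Describe a file carrying the extension, or return None if it does not."""
    p = PureWindowsPath(path)
    if p.suffix.lower() != EXT:
        return None
    stem = p.name[: -len(EXT)]
    runs = HEX_RE.findall(stem)
    hexrun = max(runs, key=len) if runs else None
    # Remove the hex run first so it cannot be absorbed into the e-mail domain.
    rest = stem.replace(hexrun, "", 1) if hexrun else stem
    email = EMAIL_RE.search(rest)
    return {
        "dir": str(p.parent),
        "email": email.group(0).lower() if email else None,
        "hex": hexrun.lower() if hexrun else None,
        "full_pattern": bool(email and hexrun),
    }

def triage(paths):
    """Summarise renamed files by contact address and directory for scoping."""
    hits = [h for h in map(classify, paths) if h]
    return {
        "renamed": len(hits),
        "full_pattern": sum(h["full_pattern"] for h in hits),
        "contacts": Counter(h["email"] for h in hits if h["email"]),
        "dirs": Counter(h["dir"] for h in hits),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_PATHS).items():
        print(key, value)
```

Files that carry the extension but lack the e-mail and hexadecimal parts are counted under `renamed` only, which separates them from names matching the full pattern.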
Beating Your Fake Security Helpline to the Punchline
The BlackJockerCrypter Ransomware is a semi-ingenious example of threat actors putting a new spin on notable attacks to improve their chances of collecting extortion money. The BlackJockerCrypter Ransomware misidentifies itself so that free decryptors are unlikely to work, and simultaneously profits from the reputation of the Globe Ransomware as a notorious and well-designed Trojan. It also misrepresents its extortion efforts as security assistance from an impartial third party. However, despite its assurances, its payment method continues to guarantee that con artists can receive their payments without needing to give you any decryption help.
Malware researchers haven't been able to isolate active infection methods for the BlackJockerCrypter Ransomware, which could propagate through e-mail, compromised websites, or targeted brute-force attacks. Following basic safety practices, such as using personalized password rotations, and having anti-malware products to delete the BlackJockerCrypter Ransomware on sight are sufficient for shutting down the majority of these attacks. Depending on its choices in encryption algorithms, a post-infection recovery from the BlackJockerCrypter Ransomware may be impractical or even impossible.
The BlackJockerCrypter Ransomware uses well-considered social engineering techniques to subvert your expectations and assumptions about Trojans. Until you can verify its identity and origins, don't fall into the all-too-easy trap of assuming that a pop-up window is being honest about what it's telling you.