BlackRose Ransomware Removal Guide

Do you know what BlackRose Ransomware is?

BlackRose Ransomware is a new file-encrypting threat named after black-rose@outlook.co.th, an email address it uses. After conducting research, our team of specialists is sure that it is not a sophisticated ransomware-type infection because, unlike other ransomware infections it has analyzed, it does not drop any additional files, does not make any noticeable changes to the system registry, and does not block system utilities such as Task Manager and Registry Editor after it gets in. Of course, this does not mean that it does nothing. Users quickly realize that there is a malicious application inside their systems because they find all their important pictures and documents encrypted. Just like all other ransomware infections, it targets the files users usually consider the most valuable. It does not try to make users angry. It only needs one thing: users’ money. There is no doubt that cyber criminals have developed this malicious application with the intention of earning money easily. Unfortunately, there are still many users who pay the required money after they discover their files locked by ransomware. Evidently, they do not know that there is no guarantee that a decryptor will be sent to them. Although BlackRose Ransomware also offers users a decryptor for purchase to unlock the encrypted files, you should decline this offer. Needless to say, that does not mean this ransomware-type infection can stay on your computer.

The main goal of all ransomware infections is to find valuable files, lock them, and then obtain money from people, so BlackRose Ransomware also starts doing its job right after it enters the system. It first scans the computer and finds documents, pictures, and other files. Then it encrypts them and appends one of the following filename extensions:

  • .jpg.okokokokok
  • .jpg.ranranranran
  • .jpg.whatthefuck

Have your files already received any of these extensions? If the answer is yes, you have surely encountered BlackRose Ransomware. A bunch of encrypted files is not the only thing users see after the entrance of this ransomware infection. They also find a new file READ_IT_FOR_GET_YOUR_FILE.txt created on their Desktops. This file is a ransom note left by this infection. It tells users that they could get their files back if they purchase a decryption tool. It costs 1 Bitcoin (~$1200), and it can be purchased by sending money to the Bitcoin address 3Q2hTDPt1LMAAgQsNQAPJQxb9ZiwADYaFM provided in the ransom note. After doing that, users need to write an email to black-rose@outlook.co.th. The decryptor should be sent to them within 24 hours. Unfortunately, users do not always receive the promised decryption key. You might be one of them if you decide to try your luck and pay the required money. Undoubtedly, you will not get your money back either.
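The indicators described above (the appended extensions and the ransom note filename) can be checked for across a whole folder tree rather than by eye. The following is an added example, not part of the original guide; it assumes the final suffix marks an encrypted file regardless of the original file type, and it runs against a constructed sample folder instead of a real profile.

```python
import os
import tempfile
from pathlib import Path

# Final suffixes taken from the extensions listed above (.jpg.okokokokok etc.).
# Assumption: the last component marks an encrypted file whatever the original type.
MARKER_SUFFIXES = (".okokokokok", ".ranranranran", ".whatthefuck")
RANSOM_NOTE = "READ_IT_FOR_GET_YOUR_FILE.txt"


def scan_for_blackrose(root):
    """Walk root and return (encrypted, notes).

    encrypted: list of (path, original_name) for files carrying a marker suffix.
    notes: list of paths to files named like the ransom note.
    """
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()
            path = Path(dirpath) / name
            if lower == RANSOM_NOTE.lower():
                notes.append(path)
                continue
            for suffix in MARKER_SUFFIXES:
                if lower.endswith(suffix) and len(name) > len(suffix):
                    encrypted.append((path, name[: -len(suffix)]))
                    break
    return sorted(encrypted), sorted(notes)


def build_sample_tree(base):
    """Constructed sample data: a fake profile with marked and clean files."""
    desktop = Path(base) / "Desktop"
    pictures = Path(base) / "Pictures"
    desktop.mkdir(parents=True)
    pictures.mkdir(parents=True)
    (desktop / RANSOM_NOTE).write_text("constructed placeholder note")
    (pictures / "holiday.jpg.okokokokok").write_bytes(b"\x00")
    (pictures / "cat.JPG.WhatTheFuck").write_bytes(b"\x00")
    (pictures / "untouched.jpg").write_bytes(b"\x00")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        enc, notes = scan_for_blackrose(build_sample_tree(tmp))
        for path, original in enc:
            print(f"encrypted: {path} (was {original})")
        for path in notes:
            print(f"ransom note: {path}")
```

To check a real machine, call `scan_for_blackrose` on the user profile folder; the scan only reads file names and changes nothing on disk.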

It is not known how BlackRose Ransomware usually enters computers because its infection rate is still too small to draw final conclusions; however, specialists are sure that it enters computers illegally. According to our researchers, it must be true that this ransomware infection, just like similar threats, is spread via spam emails. Most likely, BlackRose Ransomware travels in a spam email as an attachment and thus successfully enters users’ computers when they open it. Other distribution methods might be employed too. For example, users might download this malicious application from a file-sharing website. Last but not least, malicious applications, e.g. Trojans, might drop ransomware infections on users’ computers as well. Since there are so many ways file-encrypting malware can enter systems, users should do everything in their power to ensure the maximum protection of their PCs.

BlackRose Ransomware does not place any files on affected computers and does not apply any serious modifications, so its removal should not be very complicated. What users need to do is to find recently downloaded suspicious files and delete them. If you cannot find these malicious files, use an automatic malware remover. It will detect all bad files and other components. Then, it will take care of them all automatically.

Delete BlackRose Ransomware

  1. Open the Windows Explorer (press Win+E).
  2. Check these directories and delete the malicious file found:
     • %USERPROFILE%\Downloads
     • %USERPROFILE%\Desktop
  3. Clear the Recycle bin.

In non-techie terms:

Ransomware infections do not enter systems with good intentions, so they always sneak onto computers secretly and then immediately start doing their jobs. In the case of BlackRose Ransomware, it encrypts users’ files and then demands a ransom. This ransom should not be paid, but users must get rid of this ransomware-type infection ASAP. Keep in mind that this malicious application might be one of many threats on your system, so scan your computer with an automatic tool after deleting BlackRose Ransomware. Do not leave those other bad programs inside your system if a scanner finds them.