A Closer Look At The Black Shades Ransomware

RansomwareThere’s some new ransomware in the wild, and it’s some of the nastiest yet – it even puts the legendary Cryptolocker to shame.

For the uninitiated, ransomware is a relatively new (and fast-growing) breed of malware with a rather unusual twist. While most malicious programs are designed to steal files, provide hackers with a backdoor into corporate systems, or simply destroy everything they touch, ransomware uses one of the most powerful tools in a security professional’s arsenal – encryption – against them. It locks down access to a user’s entire system until they’ve paid a ransom, which ranges anywhere from a few bucks to tens of thousands of dollars.

Black Shades only ransoms data for the low price of $30 – so on the surface, it might not seem so bad. What makes this ransomware unique is that whoever coded it went out of their way to make it difficult to crack. And they want security researchers to know that.

“When analyzing the Black Shades ransomware, there are multiple obfuscated strings in the source code that appear to be taunting security researchers who are analyzing it,” writes Lawrence Abram of Bleeping Computer. “Some of these strings are simply base64 encoded, while two others use basic string manipulation that is easily decoded.”

The reason they’re so easy to decode? Because the hacker wanted them decoded. Some of the messages they include:

  • YoxcnnotcrackthisAlgorithmynare>idiot<
  • you can not hack me, I am very hard (translated from Russian)
  • Hacked by Russian Hackers in Moscow Tverskaya Street
  • youaresofartocrackme

Pretty unique, yeah? That isn’t the worst thing about this ransomware, though – at this point, we still have no idea how it’s being distributed. The Malware Hunter Team thinks it may be using fake videos, fake cracks or fake patches as its delivery medium … but that’s mostly conjecture. At the moment, we’ve no idea where it’s coming from – so we’ve no idea how to effectively defend against it.

What’s even more odd about it is the fact that one of its payment mediums is Paypal – which is easily traced. Whoever coded this malware, therefore, is either arrogant, or very, very good. Given the fact that we’ve yet to figure out how to crack the malware’s encryption, I’m leaning towards the latter.

So … given that we still know so little about Black Shades, is there anything you can do to protect yourself against it? Plenty, actually. That’s the good news:

  • Make use of ad blockers, and disable administrative privileges for all users on your network who don’t need them.
  • Isolate your backups from the rest of your network – if Black Shades can’t access them, it can’t encrypt them.
  • Monitor file activity on all connected systems and devices, keeping an eye out for anything suspicious (rapid rewrites, abnormal network traffic, etc.).
  • Keeping all systems properly patched, and all security up to date.

I’d advise you all set to work doing the above immediately. Black Shades might not ask for much money, and it might not necessarily be designed to target enterprise servers … but can you really afford the downtime if it strikes you?

Matthew Davis is a technical writer and Linux geek for Future Hosting.

Dedicated Server Special

Take advantage of our Double RAM offer on the E3-1230v2 4 x 3.30GHz+HT server! Only $134.95 per month. Managed and Unmanaged options available at checkout.