
BlackMatter Ransomware (.<9-Digit Random Extension> / <Encryption Extension>.README.txt)

  • Distribution Method : Unknown
  • MD5 : 598c53bfef81e489375f09792e487f1a
  • Major Detection Name : Ransomware/Win.BlackMatter.C4575089 (AhnLab V3), Win32:BlackMatter-B [Ransom] (AVG)
  • Encrypted File Pattern : .<9-Digit Random Extension>
  • Payment Instruction File : <Encryption Extension>.README.txt
  • Major Characteristics :
     - Offline Encryption
     - Deletes Volume Shadow Copy Service
     - Includes the ability to run ransomware after booting in safe mode (bcdedit /set {current} safeboot network)
     - Changes desktop background (C:\ProgramData\<Encryption Extension>.bmp)