Ransomware is continuing its rampage as a new threat, called Black Shades Crypter, goes in and locks user files, but only asks for a small ransom amount.
Black Shades Crypter focuses in on Russian and English users.
The ransomware ended up discovered almost two weeks ago by a security researcher named Jack (@Malwareforme). He found the ZCryptor ransomware, for which Microsoft issued a public alert a few days later.
Users who get infected with the ransomware can tell by the extra extension Black Shades adds to their files, which is “.silent.”
There are also two other things that make Black Shades stand out.
The first one is the extremely small ransom. All infected users need to pay a $30 ransom, either in Bitcoin or via PayPal, to unlock their files.
This ransom fee is very small compared to other ransomware versions that usually ask between 0.5 and 1 Bitcoin ($250 – $500).
The second thing that also stands out is Black Shades’ source code.
Bleeping Computer analyst Lawrence Abrams said he found strings in Black Shades’ code that appear to be Russian texts that issue challenges to malware analysts.
The source of Black Shades infections is currently unknown.
The ransomware’s infection process is somewhat similar to the standard routine. Once launched into execution, Black Shades will use an AES-256 algorithm to encrypt data on all drives.
Unlike the BadBlock ransomware that also encrypts crucial Windows files, on the system drive, Black Shades encrypts C: data only from a list of selected folders.