BLACK ICE Ransomware
BLACK ICE is the name of a malware threat that falls into the ransomware category. The threat is specifically designed to infiltrate computer systems, encrypt valuable data, and subsequently demand payment, or a ransom, from the victim in exchange for the decryption key. Notably, this particular ransomware operation employs double-extortion techniques where the cybercriminals not only encrypt the data of their victims but also threaten to release sensitive information collected from the compromised devices.
The ransomware carries out a process that systematically encrypts the files stored on the breached system. This encryption process also involves modifying the filenames of the affected files by appending the '.ICE' extension to them. For instance, a file originally named '1.jpg' will be transformed into '1.jpg.ICE' after undergoing encryption.
Once the encryption is successfully completed, the BLACK ICE Ransomware creates a text file named 'ICE_Recovery.txt' intended to communicate the demands of the attackers to the victim. Ransom notes left by these types of malware threats typically outline the threat actors' demands and provide instructions for the payment of a ransom.
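The two file-system artifacts described above (the appended '.ICE' extension and the dropped 'ICE_Recovery.txt' note) are enough to scope an infection during incident response. The following read-only triage scanner is an added example, not code from the original article; it walks a directory tree, lists encrypted files and their original names, locates ransom notes, and counts hits per directory. The sample tree it builds is constructed for the demo (empty files with the names the page describes), not real malware output.

```python
# Added example (not from the original article): read-only triage scanner for
# the BLACK ICE artifacts the page describes. Point it at a mounted image or
# share to see how far encryption progressed; it never writes to the target.
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".ICE"            # extension appended to encrypted files
RANSOM_NOTE = "ICE_Recovery.txt"  # note dropped after encryption finishes


def scan_for_black_ice(root):
    """Walk `root` and collect indicators without modifying anything.

    Returns a dict with encrypted file paths, the original filenames
    ('1.jpg.ICE' -> '1.jpg'), ransom-note locations, and a per-directory
    count of encrypted files (useful for judging where encryption stopped).
    """
    result = {"encrypted": [], "originals": [], "notes": [], "per_dir": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == RANSOM_NOTE:
                result["notes"].append(path)
            elif name.endswith(ENCRYPTED_EXT):   # exact case, as on the page
                result["encrypted"].append(path)
                result["originals"].append(name[: -len(ENCRYPTED_EXT)])
                result["per_dir"][dirpath] += 1
    return result


def make_sample_tree():
    """Build a constructed sample tree (empty files, not real malware output)."""
    root = tempfile.mkdtemp(prefix="blackice_demo_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("1.jpg.ICE", "report.docx.ICE", RANSOM_NOTE):
        open(os.path.join(docs, name), "w").close()
    open(os.path.join(root, "untouched.txt"), "w").close()  # not encrypted
    return root


if __name__ == "__main__":
    hits = scan_for_black_ice(make_sample_tree())
    print(f"encrypted files: {len(hits['encrypted'])}, notes: {len(hits['notes'])}")
    for directory, count in hits["per_dir"].most_common():
        print(f"  {count:4d}  {directory}")
```

The original-name list doubles as a restore checklist once clean backups are located, since it shows exactly which files need to be replaced.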
The BLACK ICE Ransomware Causes Significant Damage by Locking Victims' Data
The ransom note generated by the BLACK ICE Ransomware informs its victims that the cybercriminals first stole sensitive data from the device before encrypting the files stored there. To recover their data, victims are instructed to message two specific email addresses: 'Black.Ice85@onionmail.org' and 'Black.Ice85@skiff.com'.
Additionally, victims are required to submit a single file to serve as a test for the decryption capabilities of the attackers. While the exact amount that victims are expected to pay remains undisclosed within the message, it does explicitly state that the ransom must be sent using the Bitcoin cryptocurrency. If victims refuse to meet the demands of the hackers, they are then threatened with having the data taken from their systems leaked to the public.
However, even complying with the ransom demands does not guarantee that victims will receive the promised decryption keys or software. Consequently, cybersecurity experts caution against following such demands. Paying the ransom not only fails to ensure data restoration but also directly contributes to the perpetuation of the unlawful activities orchestrated by these criminals.
It is essential to remove the BLACK ICE Ransomware completely from the infected systems in order to prevent any further encryption of data. However, it's crucial to understand that removing the ransomware itself will not recover the data that has already been encrypted.
Don't Neglect the Security of Your Devices and Data
Protecting your devices and data from ransomware attacks is extremely important in today's digital landscape. Here are several steps users can take to enhance their defenses against such threats:
- Regular Backups: Maintain regular backups of your important data on an offline or cloud-based storage system. This ensures that even if your files are encrypted by ransomware, you can restore them without paying the ransom.
- Use Reliable Security Software: Install and update reputable anti-malware software on all your devices. This software can help detect and prevent ransomware infections before they can take hold.
- Keep Software Up to Date: Update your operating system, software and applications regularly. Many ransomware attacks target vulnerabilities in outdated software, so staying up to date can patch these vulnerabilities.
- Use Strong, Unique Passwords: Employ strong and unique passwords for all your accounts, and consider the utilization of a password manager to keep track of them securely.
- Enable Two-Factor Authentication (2FA): Use two-factor authentication wherever possible. This will increase the security of your data by requiring a second verification step beyond just a password.
- Use Caution with Email Attachments and Links: Be wary of email attachments and links, especially if they're unexpected or come from unknown senders. Verify the sender's identity before opening anything suspicious.
- Prepare Yourself: Stay informed about the latest phishing and ransomware tactics. Educate yourself and your family members about the risks of clicking on suspicious links or downloading unknown files.
- Secure Remote Desktop Protocol (RDP): If you use Remote Desktop Protocol, ensure that it's secured with strong passwords and, if possible, restricted to specific IP addresses.
- Disable Macros: Disable macros in documents, spreadsheets, and presentations unless they are absolutely necessary. Malicious macros are a common vector for delivering ransomware.
By following these steps and adopting a security-conscious mindset, the risk of falling victim to ransomware attacks will be significantly reduced and you will better protect your devices and valuable data.
The full text of the ransom message left to the victims of the BLACK ICE Ransomware is:
'Personal ID : -
+++ BLACK ICE +++
ALL YOUR IMPORTANT FILES ARE STOLEN AND ENCRYPTED!
and now have the "ICE" extension.
There is only one way to get your files back:
Contact with us
In subject line please write your Personal ID
To prove that we can decrypt your files, send us 1 unimportant encrypted files. (up to 1 MB) and we will decrypt them for free.
We accept Bitcoin
+Do not delete or modify encrypted files.
+Any attempts to restore your files with the thrid-party software will be fatal for your files!
To recovery your data and not to allow data leakage, it is possible only through purchase of a private key from us.
+Don't go to recovery companies, they are essentially just middlemen who will make money off you and cheat you.
We are well aware of cases where recovery companies tell you that the ransom price is 5 BTC but in fact they secretly negotiate with us for 1 BTC, so they earn 4 BTC from you.
If you approached us directly without intermediaries you would pay 5 times less, that is 1 BTC.'