Black Ruby

NJCCIC Threat Profile

Original Release Date: 2018-02-22

Black Ruby, detected by MalwareHunterTeam, targets Windows systems, scrambles file names, and appends .BlackRuby to the names of encrypted files. This ransomware targets victims geographically: it checks the target machine’s country code and only infects devices that do not appear to be located within Iran. Black Ruby also delivers a Monero miner to infected computers and is likely distributed via Remote Desktop Protocol (RDP). A ransom note named HOW-TO-DECRYPT-FILES.txt is placed on the Windows desktop and provides the email address TheBlackRuby[@]Protonmail[.]com. The current ransom amount is $650 USD in Bitcoin.

  • Bleeping Computer provides additional information on Black Ruby here.
  • The NJCCIC is not currently aware of any free decryption tools available for Black Ruby.
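The file-system indicators named in this profile (the .BlackRuby suffix and the HOW-TO-DECRYPT-FILES.txt note) can be swept for on a file share or mounted disk image. The following triage sketch is an added example, not NJCCIC code; the function names, directory layout, file names and timestamps in the sample are constructed for illustration.

```python
import os
import tempfile
from datetime import datetime, timezone

# Indicators from the profile; names are scrambled, so match the suffix only.
ENCRYPTED_SUFFIX = ".blackruby"
RANSOM_NOTE = "how-to-decrypt-files.txt"

def triage(root):
    """Summarize Black Ruby file-system indicators found under root."""
    encrypted_by_dir, notes, earliest = {}, [], None
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE:
                notes.append(path)
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                encrypted_by_dir[dirpath] = encrypted_by_dir.get(dirpath, 0) + 1
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # counted, but no timestamp available
                earliest = mtime if earliest is None else min(earliest, mtime)
    first = None
    if earliest is not None:
        first = datetime.fromtimestamp(earliest, timezone.utc).isoformat()
    return {"encrypted_by_dir": encrypted_by_dir, "notes": sorted(notes),
            "first_encrypted_utc": first}

def build_sample(root):
    desktop = os.path.join(root, "Users", "alice", "Desktop")
    docs = os.path.join(root, "Users", "alice", "Documents")
    os.makedirs(desktop)
    os.makedirs(docs)
    stamps = {  # constructed paths and modification times (UTC), not real samples
        os.path.join(desktop, "HOW-TO-DECRYPT-FILES.txt"): (2018, 2, 1, 10, 5),
        os.path.join(docs, "xk2f9q.BlackRuby"): (2018, 2, 1, 10, 0),
        os.path.join(docs, "q81zr.BLACKRUBY"): (2018, 2, 1, 10, 2),
        os.path.join(docs, "budget.xlsx"): (2018, 1, 15, 9, 0),
    }
    for path, when in stamps.items():
        open(path, "wb").close()
        ts = datetime(*when, tzinfo=timezone.utc).timestamp()
        os.utime(path, (ts, ts))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

The earliest modification time among suffixed files gives a lower bound for when encryption began, which helps scope which backups predate the incident.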
