Black Ruby

Black Ruby, detected by MalwareHunterTeam, targets Windows systems, scrambles the names of the files it encrypts and appends the .BlackRuby extension to them. Before encrypting, the ransomware checks the victim machine's country code and does not infect devices that appear to be located in Iran. Black Ruby also installs a Monero cryptocurrency miner on infected computers and is likely distributed via Remote Desktop Protocol (RDP). A ransom note named HOW-TO-DECRYPT-FILES.txt is placed on the Windows desktop and lists the contact address TheBlackRuby[@]Protonmail[.]com. The current ransom demand is $650 USD, payable in Bitcoin.
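
The file-system indicators above (the .BlackRuby extension, the HOW-TO-DECRYPT-FILES.txt note and the ProtonMail contact address) are enough for a quick triage sweep of a suspect host or a mounted disk image. The script below is an added example written for this page, not a tool from NJCCIC, Bleeping Computer or MalwareHunterTeam; the directory layout and file contents it builds are constructed for demonstration, and the scrambled file name it uses is an assumed placeholder, not a real sample name.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicators taken from the write-up above.
ENCRYPTED_EXT = ".BlackRuby"
RANSOM_NOTE = "HOW-TO-DECRYPT-FILES.txt"
# Match the contact address whether it is written plainly or defanged
# (TheBlackRuby@Protonmail.com / TheBlackRuby[@]Protonmail[.]com).
CONTACT_RE = re.compile(
    r"TheBlackRuby\s*(?:@|\[@\])\s*Protonmail\s*(?:\.|\[\.\])\s*com",
    re.IGNORECASE,
)


def scan_tree(root):
    """Walk `root` and collect Black Ruby file-system indicators.

    Returns a dict with three lists of paths:
      encrypted           - files carrying the .BlackRuby extension
      notes               - ransom notes named HOW-TO-DECRYPT-FILES.txt
      notes_with_contact  - those notes that also contain the ProtonMail address
    """
    findings = {"encrypted": [], "notes": [], "notes_with_contact": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.endswith(ENCRYPTED_EXT):
                findings["encrypted"].append(str(path))
            elif name == RANSOM_NOTE:
                findings["notes"].append(str(path))
                try:
                    text = path.read_text(errors="replace")
                except OSError:
                    continue  # unreadable note: still counted as a note above
                if CONTACT_RE.search(text):
                    findings["notes_with_contact"].append(str(path))
    return findings


def verdict(findings):
    """Turn the raw findings into a triage label.

    A note carrying the known contact address, or encrypted files together
    with a note, is treated as a likely Black Ruby infection; either
    indicator alone is flagged for a closer look rather than dismissed.
    """
    if findings["notes_with_contact"] or (findings["encrypted"] and findings["notes"]):
        return "likely Black Ruby"
    if findings["encrypted"] or findings["notes"]:
        return "suspicious"
    return "clean"


def build_sample_tree():
    """Create a constructed directory tree that mimics an infected profile.

    The scrambled file name 'Encrypted_Q4zX9.BlackRuby' is an assumed
    placeholder; only the extension and note name come from the write-up.
    """
    root = Path(tempfile.mkdtemp(prefix="blackruby-demo-"))
    desktop = root / "Users" / "alice" / "Desktop"
    docs = root / "Users" / "alice" / "Documents"
    desktop.mkdir(parents=True)
    docs.mkdir(parents=True)
    (desktop / RANSOM_NOTE).write_text(
        "All your files have been encrypted.\n"
        "Contact: TheBlackRuby@Protonmail.com\n"
    )
    (docs / "Encrypted_Q4zX9.BlackRuby").write_bytes(b"\x00" * 64)
    (docs / "report.txt").write_text("untouched file")  # benign control
    return str(root)


if __name__ == "__main__":
    sample_root = build_sample_tree()
    results = scan_tree(sample_root)
    for kind, paths in results.items():
        for p in paths:
            print(f"{kind}: {p}")
    print("verdict:", verdict(results))
```

Point `scan_tree()` at a mounted image or a user profile root rather than the constructed tree to use it for real; the defanged-address pattern keeps the check working on notes copied out of an analysis report as well as on a live desktop.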

  • Bleeping Computer provides additional information on Black Ruby here.
  • The NJCCIC is not currently aware of any free decryption tools available for Black Ruby.

Image Source: Bleeping Computer