Detected by Trend Micro, RANSOM_BLACKHEART downloads a copy of the legitimate AnyDesk application, deletes Volume Shadow Copies, and appends .BlackRouter to the names of encrypted files. RANSOM_BLACKHEART executes two files, ANYDESK.exe and BLACKROUTER.exe, and creates a ransom note named ReadME-BlackRouter.txt. At the time of writing, threat actors are demanding 0.006164 Bitcoin, approximately $50 USD, for decryption. RANSOM_BLACKHEART is distributed via malicious websites, although the details of that process are currently unknown.
- Trend Micro provides additional information on RANSOM_BLACKHEART here.
- The NJCCIC is not currently aware of any free decryption tools available for RANSOM_BLACKHEART.
Image Source: Trend Micro
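The file names in the profile above can be used to triage a host or file share. The following is an added example, not code from Trend Micro or the NJCCIC: it walks a directory tree and reports the appended .BlackRouter extension, the ReadME-BlackRouter.txt note, and the two executables. It assumes the extension is a plain suffix and that names should be matched case-insensitively; the sample file names are constructed.

```python
import os
import tempfile
from collections import Counter

# Artifact names taken from the profile above; compared case-insensitively
# because Windows file systems are case-insensitive (assumption).
ENCRYPTED_SUFFIX = ".blackrouter"
RANSOM_NOTE = "readme-blackrouter.txt"
DROPPED_EXES = {"anydesk.exe", "blackrouter.exe"}

def triage(root):
    """Walk root and report files matching the RANSOM_BLACKHEART artifacts."""
    report = {"encrypted": [], "notes": [], "executables": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()
            path = os.path.join(dirpath, name)
            if lowered == RANSOM_NOTE:
                report["notes"].append(path)
            elif lowered.endswith(ENCRYPTED_SUFFIX):
                report["encrypted"].append(path)
            elif lowered in DROPPED_EXES:
                report["executables"].append(path)
    # Per-directory counts show how far encryption has spread.
    report["by_dir"] = Counter(os.path.dirname(p) for p in report["encrypted"])
    return report

def verdict(report):
    """Rank the findings by how strongly they indicate this ransomware."""
    # Encrypted files or a note are strong signals. An executable name alone
    # is weak: AnyDesk is legitimate software and may be installed on purpose.
    if report["encrypted"] or report["notes"]:
        return "likely-affected"
    if report["executables"]:
        return "review"
    return "clean"

def build_sample_tree(root):
    """Constructed sample data: empty placeholder files, no malware content."""
    layout = ["docs/budget.xlsx.BlackRouter", "docs/notes.txt.BlackRouter",
              "docs/ReadME-BlackRouter.txt", "pics/cat.jpg",
              "tmp/ANYDESK.exe", "tmp/BLACKROUTER.exe"]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        result = triage(root)
        print(verdict(result), dict(result["by_dir"]))
```

A "review" verdict means only an executable name matched, which needs confirmation against the organization's approved remote-access software before it is treated as an infection.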