Remove BlackMatter Ransomware From Infected System
BlackMatter Ransomware Brief
|Name||BlackMatter Ransomware, belongs of the family of Djvu Ransomware|
|Category||Ransomware, Cryptolocker, Files-encrypting malware|
|Symptoms||Users are restricted to access their files on the system. The data are encrypted and renamed with random characters string extension after the original filename. A ransom note named as [random_string].README.txt can be seen on the desktop and the directories were files are encrypted.|
|Occurrence||Phishing emails that contains macro-enabled attachments, compromised websites, visiting torrent links and downloading software cracks.|
|Damages||Loss of data stored on the PC, monetary loss, other malware infection can be stopped along with the main threat.|
|Removal||To remove BlackMatter Ransomware and other malware infections, we recommend to scan the computer with legitimate anti-malware program. We recommend using Spyhunter 5|
What is BlackMatter Ransomware?
BlackMatter is a newly discovered Ransomware threat targeting Windows users. The malware program is intended to encrypt files on the target system in order to demand ransom fee against offering decryption. After running the encryption algorithm, it appends a string of random characters to the original file name.
So, if your file originally named as “home.jpg”, then after encryption it will be renamed as “home.jpg.t2Yk8gSai”. Thus, files encrypted by BlackMatter becomes inaccessible until the victims agree to pay the ransom fee.
Like other ransomware, the BlackMatter also creates a ransom note named as “[random_string].README.txt“. As well as changes the desktop wallpaper showing the ransomware alert.
The text shown within the desktop wallpaper:
The text presented within the Ransom note by BlackMatter Ransomware:
>>> What happens?
Your network is encrypted, and currently not operational. We have downloaded 1TB from your fileserver.
We need only money, after payment we will give you a decryptor for the entire network and you will restore all the data.
>>> What guarantees?
We are not a politically motivated group and we do not need anything other than your money.
If you pay, we will provide you the programs for decryption and we will delete your data.
If we do not give you decrypters or we do not delete your data, no one will pay us in the future, this does not comply with our goals.
We always keep our promises.
>> Data leak includes
1. Full emloyeers personal data
2. Network information
3. Schemes of buildings, active project information, architect details and contracts,
4. Finance info
>>> How to contact with us?
1. Download and install TOR Browser (hxxps://www.torproject.org/).
2. Open hxxp://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/7NT6LXKC1XQHW5039BLOV.
>>> Warning! Recovery recommendations.
We strongly recommend you to do not MODIFY or REPAIR your files, that will damage them.
BlackMatter Ransomware Ransom Note
According to the BlackMatter’s ransom note “[random_string].README.txt”, states that their network has been encrypted and it has exfiltrated 1 TB of data. The main intention of authors behind this malware is to gain monetary benefits by demanding ransom from the victims. They also warns the victims that if they fail fulfil the demands of the ransom, then their data will be exposed online.
To contact the authors, victims need to download TOR browser and open the website provided in the instruction.
How did ransomware infect my computer?
Ransomware attack is the most unfortunate thing for any computer user. As it often uses strong encryption algorithm to encrypt the data and demand ransom against the unique key to unlock them. They mostly spread via phishing email attachments, vulnerabilities, pirated software downloads, compromised websites, other Trojan-droppers and so on.
- Phishing email campaigns: Such emails are spread out in bulk by the cybercriminals that contains a catchy subject line like job offers, government officials, fax, invoice and so on. They either contain a weblink or an attachment. The documents have macros enabled and hidden payloads which when runs on the target system can download the payloads of the malware and further install it.
- Pirated Software Downloads: Yet another distribution tactics is fake software downloads from untrusted sources, torrent clients, shareware/freeware, pop-up ads that tricks into updating software apps.
- Vulnerabilities: Cybercriminals are always keen to exploit any system flaws, bugs within the software or programs that inject their payloads via different ways. So, users should quickly patch them by updating the software and apps from the official website only.
How To Remove BlackMatter Ransomware From Infected PC
Unfortunately, there are very less probability that you can decrypt your files as they need the decryption key. But in any case, paying ransom should never be your option. As there is no guarantee that the Ransomware authors provide the decryption key after getting the payment. They should never be trusted.
So, the best way to deal with Ransomware attack is to remove them and recover the files from backups. As till the BlackMatter Ransomware is active on your system, if may keep on encrypting new files. So, the very first thing you should do is to remove it. Below, you will find the removal solution and various recovery options that may help you to recover your files.
Automatic BlackMatter Ransomware Removal:
Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Spyhunter is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
SpyHunter 5 is a powerful and certified malware detection and removal program. The program can identify various kinds of threats like malware, adware, browser hijacker, Potentially unwanted program, rootkits and so on. It provides real-time protection by continuously updating and adapting its detection so as to combat against new threats. This tools is very easy to use and a very friendly user-interface, offering 24/7 customer support.
Follow the below instructions to scan with SpyHunter 5 and remove BlackMatter Ransomware from Windows OS.
- Click on the download button, to begin install the SpyHunter 5 anti-malware.
- Follow the on-screen instructions to finish the installation process.
- After that, the application will launch on your screen. In most of the cases, it starts the scan process quickly.
- The first scan may take up few minutes, and will keep reporting you any malware or threats found on your system.
- After the scan process completes, click on the “Next” to remove the threats.
- SpyHunter 5 allows free detection of threats. In order to remove them and activate other features, you need to purchase the full- license of the product.
- We recommend you do so, if you want to secure your device from Ransomware, Adware, malware, and PUA. It also helps maintaining online privacy.
Manual Removal Instruction For BlackMatter Ransomware:
If you want to go through the manual removal of BlackMatter Ransomware, then follow the below steps carefully:
Step1: Preparing For the Removal of BlackMatter Ransomware
Before manually removing the BlackMatter Ransomware, you should first need to isolate your infected system from network and other external devices like hard drive, flash drives, to prevent further encryption.
Remove External Devices:
To safety remove, all external devices or storage device, follow the steps below:
- Go To “My Computer“, right-click on the connected SD Card, hard drive or Flash drive you see.
- Select “Eject“:
Disconnect Your Computer from the internet:
You are connected to Internet via an ethernet cable, then just unplug it. And if you are connected via wireless network, then first click on the Wi-Fi icon on your taskbar, then click on “Disconnect“. However, if further stop any available connection to connect automatically, follow the steps below:
- Type “Control Panel” on the search bar of your Taskbar, and choose “Network and Sharing Center“;
- Next, from left-menu options, select “Change Adapter Settings“;
- Now, select the network, right-click on it and choose “Disable“.
Identify The Ransomware Your System Is Infected With
Often, the Ransomware have different variants, but they belong to a particular Ransomware family. So, you can get some idea of the Ransomware name from the “Ransom Note” like “_readme.txt“.
Some Ransom note specifies the name like “Your files have been encrypted by Locky Ransomware”. So, here the extension may not be exactly “.locky” but it can be some random alphanumeric characters.
So, if you are not able to find the exact name of the Ransomware, which has infected your system, then go to id-ransomware, where you can upload the “Ransom note” file or any sample of encrypted file to identify the Ransomware name. The BlackMatter Ransomware is has various similarities of DarkSide Ransomware which shut down its operations in May.
No More Ransomware: You can also visit no more ransomware to help identify the Ransomware, and also offers free decryption tools by various Ransomware families like Gand Crab, HiddenTear, TeslaCrypt and so on.
After identifying the ransomware name, the removal and decryption process may help you finding the right solution.
If you have already remove BlackMatter Ransomware using scan and remove method by Spyhunter anti-malware, then you should proceed with recovering your BlackMatter encrypted files.
Step2: Remove BlackMatter Ransomware using System Restore
System Restore Procedure works most of the time if want to roll back your system status to a specific point of time. So, here the point which need to choose is the versions of your PC before BlackMatter Ransomware infected your system. Most of the time, Windows OS creates a Restore Point, when we install any new application or driver. Also, you can create a system restore point manually.
System Restore will remove applications, drivers, or updates that you have installed to that point of time. They all will be rolled back to that point, however your personal data will not be affected. But in case, you should backup your important data you stored recently.
- On your taskbar, type “Recovery” in the search box, which will bring the results, click on “Recovery”;
- Next click on “Configure System Restore“;
- You will see “System properties” window open up, switch to “System Protection“;
- Next click on “System Restore” button, then click on “Next“;
- Now, you will see Automatic System Restore Points list or to view all restore points you can click “Show more Restore Points” in the bottom.
- Now, click on the Restore point to which you want to choose, then click on “Scan for affected programs”; This will list you all the apps, drives and updates which will be removed after the restore.
- So, if you are sure with the changes, the click on “close” and then select Next > Finish.
If there is no Recovery points, then this method will not be helpful to you, So, either go for scan and remove method or you need to reset your Windows 10.
Step3: Reset Your PC to remove BlackMatter Ransomware
Resetting your PC should be your last option, if all the above methods does not work for you. If you reset your PC then, all your applications, files and data will be cleared. It means your Windows 10 will act as new. Windows 10 will reset itself to its factory default settings.
Also, you will not lose your license or product key which came along with the purchase or if it is genuine.
If you don’t want to lose your data, then first backup all your files to a secure place, either cloud backup, OneDrive, Google Drive or external SSD or USB drives.
However, Reset Your PC, does gives you an option to keep your files, but to ensure permanent removal of BlackMatter Ransomware, you should chose Remove Everything. Or else you can try with “keep my files” and then reset your PC. After that to double check if the Ransomware is gone you should install an anti-virus program.
So, here how to reset your Windows 10:
- In the search bar, on the Taskbar search for “Reset this PC“, and click on it;
- Choose “Get Started“.
- Next, you will see two options to choose “Keep my Files” or “Remove Everything”.
- Choose the appropriate one, and click on “Next“;
- Now, follow the on-screen instructions to reset your PC;
- Once your PC is reset, you can install the application which you need, transfer your files.
- Now, run Windows Defender or Spyhunter 5 to check complete removal of BlackMatter Ransomware.
How To Recover Files Encrypted With BlackMatter Ransomware?
Step 1: Restore from Previous Versions Feature of Windows OS
Often some Ransomware are clever to delete the shadow volume copies and previous versions of the encrypted files. However, you should give a try looking out for the previous versions of the BlackMatter encrypted file that can help you recover it. But, this option will only work for you if you have configured the “File History” option on your system.
- Navigate to the folder or directory, where the BlackMatter encrypted files are stored locally on your computer. Right-click on the BlackMatter encrypted file and then select “Properties“.
- Under the Properties window, switch to “Previous Versions” tab.
- If you have any previous versions available for the file, then you will see the snapshots of the file. So select the one which is prior to the date of BlackMatter attack.
- Select the Restore To option to choose the specific location.
- Click on the “Select folder” button to restore your files. Better to choose a different folder to keep the recovered file.
Step 2: Recover Files From OneDrive’s Version history Feature
If the above workaround does not work for you, then you can use the OneDrive’s file versioning feature called as Version History. This will only work if your system is synced with OneDrive backup.
OneDrive is the most easy way to keep your files on your PC to keep synced in the cloud. Files synced can also be accessed on mobile, Microsoft OneDrive online account and so on. It stores the older versions of the files for up to 30 days and also has a feature to store the deleted files, but for a limited time only.
The Restore OneDrive feature only works if you are subscribed for the Microsoft 365.
If your OneDrive’s files have been encrypted by BlackMatter Ransomware, then it gives you an option to restore the previous version of entire files synced with OneDrive. So, if your files have been encrypted with BlackMatter Ransomware, then you may use the OneDrive’s Version history feature to restore files from its previous version.
- Click on the OneDrive icon on your Taskbar;
- Then click on “Help & Settings” > “View Online”;
- If your are already signed on, the click on the “Settings” icon on top-right of the page;
- Then choose “Option” > “Restore your OneDrive“;
- Next, select a specific date from the drop-down list. OneDrive also helps you to choose a data if it has detected a ransomware attack automatically. However, if it does not recommend y0u a date, choose the one before the attack of BlackMatter Ransomware.
- Finally, click on “Restore“.
OneDrive Version History
If you don’t have the subscription for Microsoft 365, then you try by right-clicking on specific file from your OneDrive Folder, then choose “Version History“.
If you are able to view the file and then you can download it and save at a safe location.
Step 3: Recover BlackMatter Ransomware Encrypted Files using Online Decryption Tools
The Ransomware uses Encryption algorithms to encrypt the files which are often strong to break. In such a case you don’t have any option to recover them as you will be requiring the decryptor key to unlock them. Most of the ransomware authors, store the unique key to their remote server rather than on the host machine.
But there are many ransomware that have some flaws in their code or they often leave some loopholes. So, cyber security experts often research on them and create a decryptor tool online for free. Also, some ransomware threats often seen to be release their keys. So, we strongly advise you to keep a backup of your encrypted files to a separate drive along with Ransom note. So, that you can check online for any decryption tools in future.
Here, we have listed some of the best free online decryptor tools that can help you recover the files.
- No More Ransom Project: no more ransomware project website not only help you to identify the Ransomware. But also contains the decryption tools that lets you search by the name and show you the decryption tools available.
- Emsisoft Decryptor Tool: Another online free decryptor tool, you can try out is Emsisoft that is developed by Emsisoft and Michael Gillespie. They have a team of ransomware experts that often keeps on creating decryptors for plenty of Ransomware. They also have instructions on how to use the decryptor tool.
- Noransom Decryptor Tool By kaspersky: No Ransom is yet again a place where you can search for latest decryptors for Ransomware. To search, you can use the extension, ransomware name and ransom note.
Step 4: Use Data Recovery Software
Ransomware is one of the most successful threat campaign that uses encryption algorithm to encrypt user’s data with a unique key. Although, the possibility of recovery is stands less as the hackers store the key to their own server. But yet again, security experts never recommend paying Ransom, as there are chances that even after paying the Ransom, you may not get your files back.
Thus, it is better to remove the ransomware, and safe the encrypted files at a secure place, so that you have a chance of recover later on too. However, we still advice you to use STELLAR DATA RECOVERY PROFESSIONAL to recover your files. The software recovers almost all file types that you may lose in various scenarios like emptied recycle bin, unexpected system shutdown, virus attack and System Crash down and so on.
- Download and Install Stellar Data Recovery Professional For Free;
- Select the type of data you want to recover or just select “All Data“;
- Choose the location from where you want to recover your data, and also enable the “Deep scan” option and then click on “Scan“;
- You can preview the files which can recover, filter them using File Types, Tree view or deleted list.
- Finally, to recover, select the files you want to recover and click on “Recover“, choose the location to save them.
- Do not choose the same location where files are encrypted.
How to Prevent Virus Attack Effectively
Privacy and security is the most crucial thing which can be compromised at any point of time. So, we should be stay vigilant to protect them. Specifically, to prevent Ransomware attacks in future you should follow the below tips:
- Do not open/download email attachments from unknown sender. A phishing email can have various signs like grammatical errors, no/fake signature, requesting for some personal info, spoofed links and so on.
- Have a reputable anti-malware protection turned on. Also don’t just rely on a free version.
- Beware of the what you download from third-party sources. Don’t be hurry to just double-click to install any file.
- Most importantly, backup your data on regular basis. If you can’t do it manually, then use services like OneDrive, Dropbox, Google Drive and also other cloud service for strong protection like pCloud.
- Also, if you have been a victim of any Ransomware attack, then report the crime.