BlackWorm Ransomware Removal Guide

Do you know what BlackWorm Ransomware is?

BlackWorm Ransomware is a computer infection that is designed to extort money from you. This program doesn’t differ much from most of the other ransomware infections that we have discussed before. Therefore, the same removal principles can be applied to this program, too.

Perhaps the most frustrating thing about ransomware infections is that it is often impossible to restore the encrypted files. However, if you have backed up copies of your data, you can just remove BlackWorm Ransomware from your system, and then work towards ensuring that your PC will never get attacked again.

How can you make sure that BlackWorm Ransomware or a similar infection doesn’t enter your system? First, it is important to understand how such programs spread. Our research team suggests that this infection spreads through fake downloads and spam email. Fake downloads are downloads where users are tricked into clicking a fake download link. In other words, if you feel pressured into downloading something when you access a certain website, then you most certainly shouldn’t do that. If you need to download something, download it from an official website.

As far as the spam emails are concerned, they reach us every single day. Perhaps we don’t see all of them because most of them get filtered into the Junk folder, but sometimes the most sophisticated spam lands in our inboxes, and it looks like a legitimate message from a reliable sender. For example, a message might look like an online shopping invoice. And if you often shop online, you might think that this is one of the many invoices that you receive almost every single day. However, the spam email message that delivers ransomware comes with an attachment. This attached file looks like a regular document, but the moment you open it, BlackWorm Ransomware gets installed on your computer.

From there, the course is clear. BlackWorm Ransomware is based on the Hidden Tear ransomware, and so it will behave like most of its predecessors, including BSS Ransomware, XCry Ransomware, SnowPicnic Ransomware, and many others. Hidden Tear Ransomware is an open-source ransomware, and it means that anyone can use its code, as long as they know how to acquire it. Hence, multiple criminals modify the initial open-source code according to their likes and preferences to create more malicious infections. As a result, the likes of BlackWorm Ransomware are made, and the problem here is that the same decryption tool cannot be applied to all these programs because they are not identical (even if they are really similar).

Once the encryption is complete, BlackWorm Ransomware adds an extension to the affected files. For example, if you had a cat.jpeg file before the encryption, after the encryption the filename will read as cat.jpeg.bworm. This is how you can tell which files were affected by the infection. Even if there were no additional extension, you would notice that something is off because the system would no longer be able to read your personal files.

BlackWorm Ransomware wants you to restore the files by paying the ransom. More information about the ransom can be found in the ransom note. The ransom note is dropped on the Desktop, and it says the following:

[ Warning ]
Your Files has been encrypted with Black Worm Ransomware
Send 200$ of bitcoins to my Bitcoin Address
Bitcoint Address :

The ransom note isn’t too eloquent, and there are glaring grammar and spelling mistakes in it. Not to mention that it is not clear whether the people behind BlackWorm Ransomware would really issue the decryption key if you were to pay the ransom. Security experts would never recommend paying the ransom because that only encourages the cyber criminals to carry on with their illegal deeds.

Instead of doing as told, simply remove BlackWorm Ransomware following the instructions below this description. If you have your library backed up on an external hard drive, you can simply remove the encrypted files, and then transfer the healthy copies back onto your PC. Also, this infection was detected quite some time ago, so you might also want to look for a public decryption tool. It could be out there.

How to Remove BlackWorm Ransomware

  1. Press Win+R and type %TEMP%. Click OK.
  2. Remove the BlackData.dat* file.
  3. Go to the Microsoft folder and remove the svchost.exe file*.
  4. Press Win+R and type regedit. Click OK.
  5. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  6. On the right pane, right-click and delete the following value: ef781910bc5e8aab3761591acadf8bb6.
  7. Press Win+R and type %AppData%. Click OK.
  8. Go to Microsoft\Windows\Start Menu\Programs\Startup.
  9. Delete the svchost.exe* file.

* these files are hidden, so you need to select the Show hidden files and folders option in the Control Panel.
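
The steps above can also be checked from a PowerShell prompt before anything is deleted. The following read-only audit is an added example, not part of the original guide: it reports whether each file and the Run value named in steps 1-9 is present, hashes any file it finds, and counts files carrying the .bworm extension. It assumes that the "Microsoft folder" in step 3 is the one inside %TEMP%; the function names are illustrative.

```powershell
# Added example: read-only audit of the artifacts listed in steps 1-9.
# Assumption: step 3's "Microsoft folder" is read as %TEMP%\Microsoft.
$RunKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$RunValue = 'ef781910bc5e8aab3761591acadf8bb6'

$FileIndicators = @(
    (Join-Path $env:TEMP 'BlackData.dat'),
    (Join-Path $env:TEMP 'Microsoft\svchost.exe'),
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe')
)

function Get-BlackWormArtifact {
    foreach ($path in $FileIndicators) {
        # -Force is needed because the guide notes that these files are hidden.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $hash = if ($item) {
            (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        } else { $null }
        [pscustomobject]@{ Type = 'File'; Target = $path; Present = [bool]$item; Detail = $hash }
    }

    # The Run value launches its data at every logon; report that data for triage.
    $run  = Get-ItemProperty -Path $RunKey -Name $RunValue -ErrorAction SilentlyContinue
    $data = if ($run) { $run.$RunValue } else { $null }
    [pscustomobject]@{ Type = 'RunValue'; Target = "$RunKey -> $RunValue"; Present = [bool]$run; Detail = $data }
}

function Get-BwormEncryptedFile {
    param([string]$Root = $env:USERPROFILE)
    # Lists encrypted files only; nothing is modified or deleted.
    Get-ChildItem -LiteralPath $Root -Filter '*.bworm' -File -Recurse -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime
}

Get-BlackWormArtifact | Format-Table -AutoSize -Wrap
"Files with the .bworm extension: {0}" -f @(Get-BwormEncryptedFile).Count
```

The audit looks only at the exact paths from the guide, so the legitimate svchost.exe in the Windows System32 folder is never reported and should not be removed.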

In non-techie terms:

BlackWorm Ransomware is a malicious computer infection that encrypts your files, and then does everything it can to prevent you from restoring them. It needs you to pay $200 for the decryption key, but there is no guarantee that the people behind this infection would really issue the decryption tool for you. Hence, keep your money to yourself, remove BlackWorm Ransomware, and look for other ways to retrieve your data.