ClamWin Free Antivirus
Support and Discussion Forums
Black Ruby Ransomware
GuitarBob


Joined: 09 Jul 2006
Posts: 4376
Location: USA
A new ransomware was discovered this week. It is called Black Ruby. It will not activate on computers that are based in Iran. At this time, there is no known method to decrypt files that it has encrypted. I have prepared a ClamAV signature for it below. Copy the signature and paste it into an empty Notebook or text file. Save the file as sigfile.mdb in the C:\ProgramData\.clamwin\db folder (or add it to an existing .mdb file if you have one).

439808:86732dcb6049a20db9f7a56d9136bd14:Win.Trojan.Ransom-021018.0402

Always make regular backups of your important documents and photos and keep them somewhere besides on your computer. Scan all files with an updated ClamWin and the VirusTotal web site before you execute/run them. Also hover your mouse over all web links and see if the description matches the written one. I recommend that you do not click on links that end in .php--it is an automated script that you are probably better off without running/executing.

Regards,
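The manual copy-and-paste step in the post above, as an added Python example that is not part of the original thread or ClamWin's own code: it checks that a pasted line has the .mdb layout (PE section size, MD5 of that section, signature name) and merges it into a database file without duplicating an entry or gluing it onto an unterminated last line. The function names and the numeric-only size check are assumptions of this example.

```python
import re
from pathlib import Path

# Signature line quoted in the post above.
POSTED_SIG = "439808:86732dcb6049a20db9f7a56d9136bd14:Win.Trojan.Ransom-021018.0402"

def parse_mdb_line(line):
    """Validate one .mdb entry: PESectionSize:PESectionMD5:MalwareName."""
    fields = line.strip().split(":")
    if len(fields) != 3:
        raise ValueError(f"need 3 colon-separated fields, got {len(fields)}")
    size, digest, name = fields
    if not re.fullmatch(r"[1-9][0-9]*", size):   # assumption: numeric sizes only
        raise ValueError(f"section size must be a positive integer: {size!r}")
    if not re.fullmatch(r"[0-9a-fA-F]{32}", digest):
        raise ValueError(f"hash must be 32 hex digits (MD5): {digest!r}")
    if not name or re.search(r"\s", name):
        raise ValueError(f"bad signature name: {name!r}")
    return int(size), digest.lower(), name

def merge_signature(existing_text, new_line):
    """Return (new_text, added). Skips duplicates, repairs a missing final newline."""
    new_key = parse_mdb_line(new_line)[:2]
    kept = []
    for raw in existing_text.splitlines():
        if not raw.strip():
            continue                      # drop blank lines left by copy and paste
        # A malformed existing line raises here instead of being written back.
        if parse_mdb_line(raw)[:2] == new_key:
            return existing_text, False   # same size and hash already present
        kept.append(raw.strip())
    kept.append(new_line.strip())
    return "\n".join(kept) + "\n", True

def install_signature(db_file, new_line):
    """Add new_line to db_file (created if absent); True if the file changed."""
    path = Path(db_file)
    current = path.read_text(encoding="ascii") if path.exists() else ""
    merged, added = merge_signature(current, new_line)
    if added:
        path.write_bytes(merged.encode("ascii"))
    return added
```

Because an .mdb entry matches the size and MD5 of a single PE section, hashing a whole sample file will not reproduce the value in the posted line.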
Lipper


Joined: 31 Oct 2010
Posts: 123
Location: USA
Many thanks for your efforts, Bob. I've added the signature. :)
GuitarBob


I don't usually do a signature unless Clam doesn't detect the malware, and it is egregious. In this case there is no decryption available for the ransomed files, the malware may be sponsored by the Iranian state, and it also adds a miner to the infected machine (who knows what else--now/later).


Regards,