BlackShades Crypter Ransomware Removal Guide

Category: Trojans

You are doomed if BlackShades Crypter Ransomware ever manages to enter your system because it will encrypt all the files you keep on your computer. Unlike older threats, this ransomware locks files silently. In other words, you will not see any pop-up window announcing that the encryption process is finished. Of course, you will still notice that your files are encrypted because you will not be able to open any of them. BlackShades Crypter Ransomware does not behave like that without a reason. Researchers say that all ransomware infections seek to make users pay money, so they give them a reason to do that, i.e. they lock files and then ask for a ransom. Specialists working at will tell you more about the risks associated with paying money. You will also find more information about the decryption of files and the ransomware infection itself.

BlackShades Crypter Ransomware, most likely, uses the cipher RSA-4096 to make files impossible to access. Unfortunately, this infection will lock a number of files, including documents, pictures, videos, and music files. In other words, it locks all the most valuable files. You can be sure that a file stored on your computer is encrypted if its name carries the filename extension .silent. In addition, you will see new files on Desktop: Hacked_Read_me_to_decrypt_files.Html, Ваш идентификатор, and YourID.txt. Open Hacked_Read_me_to_decrypt_files.Html to find out what the ransomware tells you to do once your files have been encrypted. The other two files (one in Russian and one in English) contain the unique ID. These files should not be removed if a user is going to pay a ransom. At the time of writing, the ransomware infection is asking users to pay 0.07 BTC (approximately $30). It is not very expensive if we compare this amount to the ransom demanded by other similar threats; however, you should still consider whether you really want and need to transfer money. Maybe you have copies of your files on an external storage device? If so, the only thing you need to do is to delete BlackShades Crypter Ransomware and then recover the files. A free decryptor might help you too (download it from the web).

You already know that BlackShades Crypter Ransomware will encrypt your new files, create several files on Desktop, and open the .html file with the ransom note every time you reboot your computer, so now let us tell you more about this infection from a technical perspective. First of all, specialists have observed that this threat puts two copies of itself in %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup. In addition, a point of execution is created in the Run registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Run). This means that BlackShades Crypter Ransomware can start automatically with Windows and encrypt your files again if you keep it installed. Finally, as you already know, it will create three main files and put them on Desktop and in other directories without permission as well.

Let us tell you how this ransomware infection travels. We hope that this will help you to prevent other similar threats from sneaking onto your computer in the future. According to our researchers, BlackShades Crypter Ransomware usually comes as an attachment in spam emails. In most cases, it looks completely harmless because it pretends to be a legitimate PDF or DOC file. This explains why there are so many users who download and try to open these files immediately. Unfortunately, you might infect your system with this threat if you surf corrupted websites too, so it is very important to immediately close a website that looks suspicious. If you fear that you cannot protect the system from harm yourself, install security software. It will keep the system safe for you.

BlackShades Crypter Ransomware can be removed either manually or automatically; however, it is very likely that it will encrypt the setup file of the antimalware scanner. In such a case, use the instructions provided below to eliminate this threat yourself. It would be clever to scan the system with SpyHunter or another trustworthy scanner to get rid of all other threats that might be hiding in a nook as well. Download the scanner and launch it after you have fully erased BlackShades Crypter Ransomware.

Delete BlackShades Crypter Ransomware manually

  1. Open the Windows Explorer (Win+E).
  2. Move to %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup.
  3. Find and delete win.exe (the name of the file might differ).
  4. Remove the .html file (Hacked_Read_me_to_decrypt_files.Html).
  5. Go to %APPDATA%\Windows.
  6. Remove win.exe (the name of the file might differ).
  7. Open the Registry Editor.
  8. Go to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
  9. Find the Driver value with the value data "C:\Users\user\AppData\Roaming\Windows\win.exe" /autostart.
  10. Right-click on it and select Delete.
  11. Delete the following files from your Desktop and empty the Recycle bin:
  • YourID.txt
  • Ваш идентификатор
  • Hacked_Read_me_to_decrypt_files.Html
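
The locations in the steps above can be checked in one pass from PowerShell before anything is deleted. This script is an added example, not part of the original guide; it only reports what it finds, and the variable names and the New-Finding helper are its own.

```powershell
# Added example: read-only triage for the artifacts this guide names.
# Nothing is deleted; review the output before removing anything by hand.
$startup = [Environment]::GetFolderPath('Startup')  # ...\Start Menu\Programs\Startup
$desktop = [Environment]::GetFolderPath('Desktop')
$dropDir = Join-Path $env:APPDATA 'Windows'         # folder from step 5
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
# Note names from step 11; the Russian one is matched with any extension.
$notes   = 'Hacked_Read_me_to_decrypt_files.Html', 'YourID.txt', 'Ваш идентификатор*'

function New-Finding([string]$Kind, [string]$Detail) {
    [pscustomobject]@{ Kind = $Kind; Detail = $Detail }
}

$report = @(
    # Steps 2-6: the guide warns win.exe may be renamed, so list every .exe.
    foreach ($dir in $startup, $dropDir) {
        if (Test-Path -LiteralPath $dir) {
            Get-ChildItem -LiteralPath $dir -Filter '*.exe' -File -Force |
                ForEach-Object { New-Finding 'Executable' $_.FullName }
        }
    }

    # Steps 7-10: Run values that launch from %APPDATA% or pass /autostart.
    if (Test-Path -LiteralPath $runKey) {
        $key = Get-Item -LiteralPath $runKey
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            $inAppData = $data.IndexOf($env:APPDATA, [StringComparison]::OrdinalIgnoreCase) -ge 0
            if ($inAppData -or $data -match '/autostart') {
                New-Finding 'Run value' "$name = $data"
            }
        }
    }

    # Step 11: ransom note and ID files on the Desktop.
    foreach ($pattern in $notes) {
        Get-ChildItem -Path (Join-Path $desktop $pattern) -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object { New-Finding 'Ransom note' $_.FullName }
    }

    # Scope of damage: how many files in the profile carry the .silent extension.
    $locked = Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -Filter '*.silent' -File -Force -ErrorAction SilentlyContinue
    New-Finding 'Encrypted files' ("{0} file(s) ending in .silent" -f @($locked).Count)
)

$report | Format-Table -AutoSize -Wrap
```

In Windows PowerShell 5.1, save the script as UTF-8 with a byte order mark so that the Cyrillic file name is read correctly. Legitimate programs also register Run values that start from %APPDATA%, so treat each row as something to inspect rather than as proof of infection.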