BlackWorm Ransomware Removal Guide

Programs like BlackWorm Ransomware are the best proof that we have to be really careful when we interact with unfamiliar content online. Sometimes that content arrives right at our (virtual) doorstep. In this description, we will talk about the origins of this ransomware infection, how it spreads, and how you have to remove BlackWorm Ransomware from your computer as soon as possible. We would like to point out that if you do not feel confident with manual malware removal, you can always invest in a licensed antispyware tool that will help you terminate the infection automatically.

Sometimes it is hard to notice when the likes of BlackWorm Ransomware enter our systems. It’s because they take the most common routes. For example, if you deal with a big flow of emails every single day, you might not notice anything suspicious about a message that urges you to open the attached file. The file could look like a shopping invoice or some financial report. However, when a message makes it seem as though you have to open the message no matter what, it is very likely that there is something unreliable about it. Thus, you need to be attentive if you want to avoid BlackWorm Ransomware and other similar infections.

And there are tons of similar infections out there, especially considering the fact that BlackWorm Ransomware comes from the Hidden Tear family. Hidden Tear is open-source ransomware, and its code is available for the public. In other words, criminals who cannot afford to create their own infection from scratch can make use of this publicly available code, tweak it, and then release a modified version of their infection. BlackWorm Ransomware is that kind of program, and it is indirectly related to all the other ransomware programs that were based on the Hidden Tear code, for example, SnowPicnic Ransomware, EnybenyCrypt Ransomware, SymmyWare Ransomware, and many others.

Upon the infection, this program will encrypt your files, adding a new appendix to all the filenames. For example, a file.txt filename after the encryption will look like file.txt.bworm. Needless to say, you will not be able to open these files any longer. To make sure that you do not restore your files, BlackWorm Ransomware also removes the system restore point (provided you have had it created). Luckily, it doesn’t target all of the file types, but it can successfully encrypt documents, Excel sheets, PowerPoint presentations, image files, and so on. It doesn’t touch audio or video files, but if you have a lot of documents on your computer, BlackWorm Ransomware might as well encrypt them all.

As you can probably tell, this program expects you to pay $200 for the decryption tool. It indicates the price in the ransom note, although the note is very ambiguous and doesn’t offer any kind of confirmation that you will definitely get the decryption key once you pay the ransom. That is yet another reason to refrain from paying these criminals.

BlackWorm Ransomware was released several months ago, and so there is a good chance that there is already a public decryption tool available. In fact, if you have your files backed up, you do not even need it. Simply remove BlackWorm Ransomware right now, delete the encrypted files, and transfer the healthy copies into your computer. And don’t forget to be wary when you open attached files in the future.

How to Delete BlackWorm Ransomware

1. Press Win+R and the Run prompt will open.
2. Type %TEMP% into the Open box and click OK.
3. Delete the BlackData.dat* file.
4. Open the Microsoft folder and delete the svchost.exe file*.
5. Press Win+R and enter regedit. Press OK.
6. Open HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
7. On the right side, right-click and remove this value: ef781910bc5e8aab3761591acadf8bb6.
8. Press Win+R again and type %AppData%. Click OK.
9. Navigate to Microsoft\Windows\Start Menu\Programs\Startup.
10. Remove the svchost.exe* file.

* Please note that these files are hidden, so depending on your settings, you might not find these files at once. You have to go to your Control Panel and make sure that the Show hidden files and folders option is enabled.