Newly Dubbed BlackCocaine Ransomware Uses AES & RSA Encryption Methods

Recently, Nucleus Software, an Indian IT company specialising in the Banking and Financial Services sector, suffered a security breach on May 30, 2021, as reported by the cybersecurity specialists at Cyble.

Nucleus Software has already reported this security breach to the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSEI).

The company noted that a financial data leak is unlikely, as Nucleus Software has confirmed that it does not store any financial data of its clients.

During the investigation, the security researchers at Cyble discovered that this cyber attack was carried out by the group behind the BlackCocaine ransomware; the image below shows the BlackCocaine ransomware group's page listing the compromise.

Technical Analysis

The analysts state that the first victim of the BlackCocaine ransomware group is Nucleus Software, and they have also revealed the malicious website of the BlackCocaine ransomware group:-

  • hxxp://blackcocaine[.]top/

On May 28, 2021, the above-mentioned domain name was registered by the BlackCocaine ransomware group. The security experts at Cyble found the BlackCocaine ransomware sample files during their routine threat-hunting exercises.

The operators of BlackCocaine ransomware used the MinGW toolchain to compile the ransomware payload, which is a UPX-packed 64-bit Windows executable.

The threat actors wrote this malicious executable in the Go language and compiled it on May 29, 2021.

After manually unpacking the ransomware payload, the experts concluded that the threat actors used several anti-VM and anti-debugging techniques to evade security analysis tools and make analysis more complicated.

While encrypting the victim's documents, the BlackCocaine ransomware decrypts the Windows APIs it needs to perform a file system inventory. After completing this stage, it automatically appends the ".BlackCocaine" extension to the filename of every encrypted file.

Moreover, cybersecurity researchers have concluded that the operators behind BlackCocaine use the AES and RSA encryption methods in this attack.

After the encryption process completes, the threat actors drop a ransom note on the infected system:-

  • "HOW_TO_RECOVER_FILES.BlackCocaine.txt"
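The two host-level artifacts described above (the appended ".BlackCocaine" extension and the dropped ransom note) are enough for a simple triage sweep of a suspect file share. The following Python script is an added example, not code from the article or from Cyble; it builds a constructed sample directory tree and reports both indicators.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article: encrypted files carry this extension,
# and the ransom note is dropped under this filename.
ENCRYPTED_EXT = ".BlackCocaine"
RANSOM_NOTE = "HOW_TO_RECOVER_FILES.BlackCocaine.txt"


def scan_for_blackcocaine(root):
    """Walk `root` and collect BlackCocaine artifacts.

    Returns a dict with sorted lists of encrypted-file paths and ransom-note
    paths, plus an `infected` verdict that is True if either indicator is seen.
    """
    encrypted, notes = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if name == RANSOM_NOTE:
                notes.append(full)
            elif name.endswith(ENCRYPTED_EXT):
                encrypted.append(full)
    return {
        "encrypted_files": sorted(encrypted),
        "ransom_notes": sorted(notes),
        "infected": bool(encrypted or notes),
    }


def build_sample_tree():
    """Create a constructed (not real) directory layout mimicking a hit host.

    File contents are dummy bytes; only the names matter for the sweep.
    Returns the temporary root path (the caller is responsible for cleanup).
    """
    root = tempfile.mkdtemp(prefix="bc_demo_")
    docs = Path(root, "Documents")
    docs.mkdir()
    (docs / "report.xlsx.BlackCocaine").write_bytes(b"\x00" * 16)
    (docs / "notes.docx.BlackCocaine").write_bytes(b"\x00" * 16)
    (docs / "readme.txt").write_text("unaffected\n")
    (docs / RANSOM_NOTE).write_text("constructed placeholder note\n")
    return root


if __name__ == "__main__":
    result = scan_for_blackcocaine(build_sample_tree())
    print(f"infected={result['infected']} "
          f"encrypted={len(result['encrypted_files'])} "
          f"notes={len(result['ransom_notes'])}")
```

Point `scan_for_blackcocaine` at a real mount point to sweep it; a non-empty `ransom_notes` list is the stronger signal, since a stray filename ending in the extension could be coincidental.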


The experts have suggested a few recommendations, listed below:-

  • Always use the shared IoCs to track and block the malware infection.
  • Use strong passwords.
  • Use multi-factor authentication.
  • Turn on automatic software updates.
  • Use security tools.
  • Avoid opening untrusted links and email attachments.
  • Use the service provided by the portal to track your exposure on the dark web.

BlackCocaine ransomware is one of the active and sophisticated malware strains; however, to lock the data and demand a ransom from the victim, BlackCocaine uses the same standard server-side encryption method.


