Datablack is a newly discovered ransomware strain that has been observed in the wild, displaying characteristics similar to ransomware from the Proton malware family. Upon infecting a system, Datablack encrypts user files, appending the “.Datablack” extension to each renamed file. In addition to the encryption, the malware drops a ransom note on the victim’s machine, titled “#Recovery.txt.” This note instructs victims to reach out to the attackers via provided email addresses for further decryption instructions, indicating a typical ransom demand scenario.
The Datablack ransomware is particularly aggressive in its tactics, as it can delete volume shadow copies, making it more difficult for the victim to recover data through traditional means. Volume shadow copies are used by Windows to create backup copies of files, and their deletion significantly hampers data recovery efforts, leaving victims with fewer options to restore their files. Furthermore, the ransomware is capable of disabling automatic repair features during the system’s boot process, preventing the victim from using recovery tools or booting into safe modes that might help mitigate the damage.
The malware also exhibits advanced detection evasion capabilities. It is flagged by several security tools, with detection signatures that include behavioral-based detections like SONAR.SuspLaunch, which identifies suspicious launch behavior, as well as file-based detections like Trojan.Gen.MBT. Machine learning-based security tools, such as Heur.AdvML.A, also identify the threat by detecting its malicious behavior, providing multiple layers of protection against it. These detection techniques suggest that Datablack is specifically designed to evade traditional antivirus systems while also leveraging cutting-edge machine learning tools.
As the threat landscape evolves, it is clear that Datablack is part of a growing trend of increasingly sophisticated ransomware variants. Victims of Datablack are urged to remain cautious of unsolicited emails and avoid downloading attachments or clicking on suspicious links. As the ransomware targets individuals and organizations alike, cybersecurity experts recommend deploying robust protection measures, including regularly updated antivirus software, backup systems, and the use of strong authentication methods to minimize the risk of falling victim to such attacks.
Reference:
