Click on screenshot to zoom
Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediatelly
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

BlackRuby Ransomware

BlackRuby Ransomware is a real nightmare if you consider that you may lose all your personal files in this malicious attack. This ransomware program can infiltrate your system without your knowledge and take all your important files hostage in order to extort money from you for the decryptor and the private key, without which it is not possible to recover your files. Or, at least, this is what these cyber criminals want you to believe. As a matter of fact, we have found that this ransomware is indeed decryptable even though we have not seen the free tool emerge; it can happen any time. Still, it is advisable to have a backup so that you can recover at least some of your important files after such a disastrous attack. We do not advise you to contact these villains or pay them any money at all. Experience shows that such crooks tend to disappear the moment they get your money. We recommend that you take action right now and remove BlackRuby Ransomware from your PC.

This malware infection can be distributed via spam campaigns. This means that this infection can pose as a "must-see" image or document attached to a spam e-mail. Cyber crooks like to use this method clearly because it is so effective; they can infect thousands of possible victims in one go. This spam can be very misleading and you may actually feel like it is an important one to check out. This is why you should be more vigilant when it comes to opening e-mails, let alone ones that land in your spam folder even if they appear to be of importance to you. It is important that you only open mails you expect to get or ones coming from people you know. If an unexpected mail shows up, which may also have an attachment, you had better send an e-mail to the sender to double-check if it was meant for you. Chances are you will not even get a reply because the sender does not exist or will not know about such a mail sent from his or her account. Remember that it is usually not possible to delete BlackRuby Ransomware without losing your files. In this case, however, you may be in the luck if the free file recovery tool will be available.

We also keep emphasizing the need for regular updates, including your browsers and drivers. Cyber criminals can create websites with Exploit Kits to trigger the drop of a dangerous ransomware infection like this one. In order for you to avoid such disasters, it is also important that you refrain from engaging with questionable third-party ads and other content on suspicious websites or when your computer might be infected. If you protect your PC properly, you will not need to remove BlackRuby Ransomware or any other threats.

Once you execute the downloaded malicious program, it creates a folder for its copy ("WindowsUI.exe"), which could be either "%WINDIR%\System32\BlackRuby" or "%WINDIR%\SysWOW64\BlackRuby." Then, it starts up the encryption and encodes all your personal files that are the most important for you, including your photos, videos, audios, databases, and archives. This can cause a lot of damage for you if you never backup your files. The encrypted files are easy to recognize since they look something like "Encrypted_YDHswhr75d2zpMPPdOiCwtR5lJ4VJXyguOtPNzwkArO.BlackRuby." As you can see, this threat does not only add a new extension but changes the whole file name as well. It also drops the ransom note text file ("HOW-TO-DECRYPT-FILES.txt") in every folder where files have been affected. Apart from all this, a Monero cryptocurrency miner called "Svchost.exe" is also installed to do mining on your system using your resources. This may cause serious system performance drops and major slowdowns.

These criminals want you to pay 650 US dollars' worth of Bitcoins to an address provided in the ransom note. You have to write an e-mail to "TheBlackRuby@Protonmail.com" including your identification key, which is at the beginning of the note, and two small encrypted files (less than 5MB each) as proof that they can decrypt your files. When you send these criminals then the transaction code after your payment, you should get a reply message with the decryption tool and private key. Unfortunately, it is quite likely that you will not get anything for your money. Please consider this before transferring the fee. We recommend that you removve BlackRuby Ransomware as soon as you can.

Hopefully, you have a recent backup stored in cloud or on a removable hard disk that you can use now to restore your files. However, you cannot copy them until you make sure that your computer is clean. As we have mentioned, it is possible that soon a free decryptor will hit the web, so you may want to wait for that before deleting your encrypted files as useless. Please use our guide below if you want to remove BlackRuby Ransomware manually. Of course, you can always use a reliable anti-malware program like SpyHunter, which can automatically take care of all your system security issues. Do not forget to keep this security software and all other programs on your system updated because cyber crooks can exploit outdated software bugs and attack your computer without your knowledge.

Remove BlackRuby Ransomware from Windows

  1. Tap Win+R and enter regedit. Press OK.
  2. Delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Defender" or "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender" (value data shows the location of the malicious file, e.g., "C:\Windows\system32\BlackRuby\WindowsUI.exe").
  3. Close the registry editor.
  4. Tap Win+E.
  5. Delete the malicious folder (where you find it): "%WINDIR%\System32\BlackRuby" or "%WINDIR%\SysWOW64\BlackRuby"
  6. Delete all suspicious files that you have saved lately.
  7. Delete every "HOW-TO-DECRYPT-FILES.txt" ransom note file from all the folders where files have been affected.
  8. Empty your Recycle Bin and restart your computer.
Download Spyware Removal Tool to Remove* BlackRuby Ransomware
  • Quick & tested solution for BlackRuby Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.