
Remove BlackOrchid Ransomware Virus (2022 Guide)

BlackOrchid ransomware locks personal files until a ransom is paid

BlackOrchid is the name of a ransomware-type virus that encrypts personal files on the victim's computer. The virus was first noticed by GrujaRS. Victims whose computers are hit by this ransomware will discover that all personal and work files have been encrypted and marked with the .shinya file extension. The virus also displays a window called Black orchid Team v2.40, which takes the place of the traditional text ransom note. The message on the screen states that the data has been encrypted using AES-256 encryption and that the victim has to pay 0.09 BTC to the provided cryptowallet address in order to receive a decryption tool.

According to the BlackOrchid ransom note, files cannot be unlocked without a private key, also known as the decryption key. There is hardly any way to obtain it, as it is stored securely on the criminals' remote server rather than on the infected machine. The attacker also suggests contacting him/her in case any questions arise. The provided contact methods are Telegram accounts (Lucifer_ayr47 and HeadNaughty).

The attacker also suggests paying the ransom and sending the proof to either the Telegram or the Instagram account named @shinya_dono. After a quick glimpse at this account, it seems that its holder might be Iranian, as the posts are captioned in Persian.

BlackOrchid ransomware demands paying 0.09 BTC for data decryption.

The ransom price for BlackOrchid decryption varies as the cryptocurrency value changes back and forth. At the time of writing this article, it was worth approximately $620. The ransomware demands payment within a given amount of time, after which decryption will no longer be possible.

According to security researchers, this malicious crypto-virus belongs to the Noblis (Cyclone, SystemCrypter) malware family. The best thing you can do after being infected is to remove the BlackOrchid ransomware virus as soon as you can. After eliminating the malware from your system, you can start looking for your data backups to restore the corrupted information safely. In case you do not have data backups, you might want to try the data recovery solution included in System Mechanic Ultimate Defense anti-malware.

Threat Summary

Name: Black Orchid Team ransomware virus
Type: Ransomware
Encryption method: AES-256
File type after encryption: Shinya File Type
Ransom note: Black Orchid Team v.2.40
Contact methods: Telegram: lucifer_ayr47, HeadNaughty and shinya_dono (Telegram and Instagram)
Bitcoin wallet address: 12mdKVNfAhLbRDLtRWQFhQgydgU6bUMjay
Ransom price: 0.09 Bitcoin
Decryptable: No
Distribution: Malicious downloads, email spam, infected websites
Removal: Remove the ransomware using reliable anti-malware, such as System Mechanic Ultimate Defense, while in Safe Mode (see instructions below)

Ransomware viruses are among the biggest menaces for inattentive computer users nowadays. This malware type has caused serious havoc to PC users worldwide through ransomware such as DJVU, JOPE, OPQZ, Phobos or Nemty. The problem with ransom-demanding viruses is that they are usually created by experienced programmers who know what they are doing.

The ransomware uses .shinya extension to mark encrypted files.

They design viruses to wreak havoc silently and leave no opportunity to reverse the damage done. It is also worth mentioning that ransomware encryption can be compared to the military-grade encryption used to secure governmental secrets. That being said, you cannot decrypt Shinya file type data yourself, and most likely no one can (except the criminals). However, we still do not recommend paying the ransom, as this simply fuels the malicious business and the malware industry.

Text presented in the ransom-demanding window that BlackOrchid Team virus shows on the screen:

YOUR FILES HAVE BEEN ENCRYPTED !
!!!!!!!!          BLACK ORCHID HERE          !!!!!!!!
The important files on your computer have been encrypted with military grade AES-256 bit encryption.

Your documents, videos, images and other forms of data are now inaccessible, and cannot be unlocked without the decryption key. This key is currently being stored on a remote server.

To acquire this key, simply pm me in Telegram: hxxp://t.me/lucifer_ayr47 or hxxp://t.me/HeadNaughty
or pay BTC and send the proof to @shinya_dono (TG & IG)

If you fail to take action within this time window, the decryption key will be destroyed and access to your files will be permanently lost.

WALLET ADDRESS: 12mdKVNfAhLbRDLtRWQFhQgydgU6bUMjay
BITCOIN FEE: 0.09

View Encrypted Files
Enter Decryption Key

How did ransomware attack your computer and ways to avoid it

There are several traditional ransomware and malware distribution methods that are widely used. BlackOrchid ransomware distribution relies on malicious email spam (deceptive letters with eye-catching subjects and files attached). Another distribution channel is malicious downloads. To be precise, you are likely to download the virus from illegal file-sharing websites pushing software cracks, keygens, free movies and similar copyright-protected content free of charge.

By downloading such files to your system, you expose your computer to a variety of threats, and ransomware might not be the worst of them. For example, you may install stealthy, silently operating Trojans that can steal your data, track your keystrokes and sniff your login credentials for months before you notice.

To avoid installing ransomware like BlackOrchid or other malware, follow these easy steps:

  • Stay clear of emails sent by unknown senders, or suspicious-looking senders who claim to be someone you know (for example, a colleague). Ask your colleague whether they intended to send something to you before opening the attached link or file.
  • Keep in mind that malware can be distributed not only via executable files (aka programs), but also via documents (Word, PDF, Excel), images, and basically any file type. Therefore, a good practice that we recommend is scanning the downloaded file with an up-to-date antivirus before opening it.
  • Resist the urge to obtain copyrighted materials for free. Criminals often use this as a trap for inattentive computer users. Downloading that software crack can result in data loss that will be impossible to fix and destroy all of your work files or precious memories stored on your PC.
  • Keep anti-malware software installed on your computer, and make sure it has real-time protection enabled.

Remove BlackOrchid ransomware and restore your files

Before you can restore your .shinya extension files, you must carefully remove the BlackOrchid ransomware virus and related malware from the Windows operating system. To complete this task, we suggest following the tutorial provided by our cybersecurity experts. Since ransomware is a high-level threat, we do not recommend deleting it manually. Instead, boot your PC in Safe Mode and run a full system scan using a powerful anti-malware like System Mechanic Ultimate Defense.

BlackOrchid Team ransomware removal will ensure a clean and safe environment in which to start recovering your files from a data backup. All you will have to do is plug the external data device into your computer and start copying files back to your PC.
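Before copying anything back from the backup drive, it helps to know exactly which files the ransomware touched and which of them actually have a clean copy in the backup. The following Python script is an added example, not code from the original guide: it inventories files carrying the .shinya extension named in the threat summary, maps each one to the original path the extension was appended to, and checks the backup tree for that path, so the restore can be planned (and files with no backup identified) before a single file is overwritten. The directory layout and the sample files it builds are constructed for the demo; the victim and backup paths are assumptions you would replace with the cleaned machine's user folders and the mounted backup drive.

```python
"""Scope a .shinya (BlackOrchid) incident and plan a restore from backup.

Added example for this guide, not the guide's own tooling. Run it only after
the machine has been cleaned (see the removal steps), with the backup drive
mounted read-only if possible. The encrypted copies are never deleted.
"""
import shutil
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".shinya"  # extension the guide reports on encrypted files


def find_encrypted(root):
    """Return a sorted list of files under root that carry the .shinya extension."""
    root = Path(root)
    return sorted(p for p in root.rglob("*")
                  if p.is_file() and p.suffix.lower() == ENCRYPTED_EXT)


def original_name(encrypted_path):
    """Strip the appended extension: 'report.docx.shinya' -> 'report.docx'."""
    return encrypted_path.with_suffix("")


def plan_restore(victim_root, backup_root):
    """Pair every encrypted file with its clean backup copy, if one exists.

    Returns (restorable, missing); each entry is (encrypted_path, backup_path).
    The backup is assumed to mirror the victim's folder layout.
    """
    victim_root, backup_root = Path(victim_root), Path(backup_root)
    restorable, missing = [], []
    for enc in find_encrypted(victim_root):
        rel = original_name(enc).relative_to(victim_root)
        candidate = backup_root / rel
        (restorable if candidate.is_file() else missing).append((enc, candidate))
    return restorable, missing


def summarize_by_folder(encrypted_files, victim_root):
    """Count encrypted files per folder so the blast radius is visible at a glance."""
    victim_root = Path(victim_root)
    return dict(Counter(str(p.parent.relative_to(victim_root)) for p in encrypted_files))


def restore_from_backup(restorable, dry_run=True):
    """Copy each clean backup next to its encrypted counterpart.

    The .shinya file is left in place, so a wrong mapping destroys nothing.
    Returns the number of files copied (0 in dry-run mode).
    """
    restored = 0
    for enc, backup_copy in restorable:
        if dry_run:
            continue
        shutil.copy2(backup_copy, original_name(enc))
        restored += 1
    return restored


def build_demo():
    """Construct a throwaway victim tree and backup tree (sample data, not real artefacts)."""
    base = Path(tempfile.mkdtemp(prefix="shinya_demo_"))
    victim, backup = base / "victim", base / "backup"
    for rel in ("Documents/report.docx.shinya", "Documents/budget.xlsx.shinya",
                "Pictures/holiday.jpg.shinya"):
        path = victim / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"\x00encrypted-placeholder\x00")
    (victim / "Documents" / "notes.txt").write_text("untouched file")
    # Only two of the three originals were backed up; budget.xlsx has no clean copy.
    for rel in ("Documents/report.docx", "Pictures/holiday.jpg"):
        path = backup / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"clean-copy")
    return victim, backup


if __name__ == "__main__":
    victim, backup = build_demo()
    encrypted = find_encrypted(victim)
    print("encrypted files per folder:", summarize_by_folder(encrypted, victim))
    restorable, missing = plan_restore(victim, backup)
    print(f"{len(restorable)} restorable, {len(missing)} without backup")
    for enc, _ in missing:
        print("  no backup for:", enc.relative_to(victim))
    print("would restore (dry run):", restore_from_backup(restorable, dry_run=True))
    print("restored:", restore_from_backup(restorable, dry_run=False))
```

Run the dry run first and read the "no backup for" list; those are the files for which the data-recovery route mentioned above is the only remaining option. Only then rerun with `dry_run=False`.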

OUR GEEKS RECOMMEND

Our team recommends a two-step rescue plan to remove ransomware and other remaining malware from your computer, plus repair caused virus damage to the system:

STEP 1. REMOVE AUTOMATICALLY WITH ROBUST ANTIVIRUS

Get INTEGO ANTIVIRUS for Windows to remove ransomware, Trojans, adware and other spyware and malware variants and protect your PC and network drives 24/7. This VB100-certified security software uses state-of-the-art technology to provide protection against ransomware, Zero-Day attacks and advanced threats. Intego Web Shield blocks dangerous websites, phishing attacks, malicious downloads and the installation of potentially unwanted programs.

Use INTEGO Antivirus to remove detected threats from your computer.


STEP 2. REPAIR VIRUS DAMAGE TO YOUR COMPUTER

RESTORO provides a free scan that helps to identify hardware, security and stability issues and presents a comprehensive report which can help you to locate and fix detected issues manually. It is a great PC repair software to use after you remove malware with professional antivirus. The full version of software will fix detected issues and repair virus damage caused to your Windows OS files automatically.

RESTORO uses AVIRA scanning engine to detect existing spyware and malware. If any are found, the software will eliminate them.


GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you.

BLACKORCHID RANSOMWARE Removal Guidelines

Method 1. Enter Safe Mode with Networking

Step 1. Start Windows in Safe Mode with Networking

Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot the PC in that mode; additional ones are covered in the in-depth tutorial on our website, How to Start Windows in Safe Mode.

Instructions for Windows XP/Vista/7 users

  1. First of all, turn off your PC. Then press the Power button to start it again and instantly start pressing F8 button on your keyboard repeatedly in 1-second intervals. This launches the Advanced Boot Options menu.
  2. Use arrow keys on the keyboard to navigate down to Safe Mode with Networking option and press Enter.

Instructions for Windows 8/8.1/10 users

  1. Open Windows Start menu, then press down the Power button. On your keyboard, press down and hold the Shift key, and then select Restart option.
  2. This will take you to Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
  3. In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Networking. In this case, it is the F5 key.

Step 2. Remove files associated with the virus

Now, you can search for and remove BLACKORCHID RANSOMWARE files. It is very hard to identify the files and registry keys that belong to the ransomware virus; besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall this type of computer virus is to use a reliable malware removal program. In addition, we suggest trying a combination of INTEGO antivirus (removes malware and protects your PC in real time) and RESTORO (repairs virus damage to Windows OS files).

REMOVE MALWARE & REPAIR VIRUS DAMAGE

Step 1. Get robust antivirus to remove existing threats and enable real-time protection

INTEGO Antivirus for Windows provides robust real-time protection, Web Shield against phishing and deceptive websites, blocks malicious downloads and blocks Zero-Day threats. Use it to remove ransomware and other viruses from your computer professionally.

Step 2. Repair Virus Damage on Windows Operating System Files

Download RESTORO to scan your system for FREE and detect security, hardware and stability issues. You can use the scan results and try to remove threats manually, or you can choose to get the full version of the software to fix detected issues and repair virus damage to Windows OS system files automatically.

Method 2. Use System Restore

In order to use System Restore, you must have a system restore point, created either manually or automatically.

Step 1. Boot Windows in Safe Mode with Command Prompt

Instructions for Windows XP/Vista/7 users

  1. Shut down your PC. Start it again by pressing the Power button and instantly start pressing F8 button on your keyboard repeatedly in 1-second intervals. You will see Advanced Boot Options menu.
  2. Using arrow keys on the keyboard, navigate down to Safe Mode with Command Prompt option and press Enter.

Instructions for Windows 8/8.1/10 users

  1. Launch Windows Start menu, then click the Power button. On your keyboard, press down and hold the Shift key, and then choose Restart option with the mouse cursor.
  2. This will take you to Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
  3. In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Command Prompt. In this case, press the F6 key.

Step 2. Start System Restore process

  1. Wait until the system loads and the command prompt shows up.
  2. Type cd restore and press Enter, then type rstrui.exe and press Enter. Or you can just type %systemroot%\system32\restore\rstrui.exe in the command prompt and hit Enter.
  3. This launches System Restore window. Click Next and then choose a System Restore point created in the past. Choose one that was created before ransomware infection.
  4. Click Yes to begin the system restoration process.

After restoring the system, we recommend scanning it with antivirus or anti-malware software. In most cases, there won't be any malware remains, but it never hurts to double-check. In addition, we highly recommend reading the ransomware prevention guidelines provided by our experts in order to protect your PC against similar viruses in the future.

Alternative software recommendations

Malwarebytes Anti-Malware

Removing spyware and malware is one step towards cybersecurity. To protect yourself against ever-evolving threats, we strongly recommend purchasing the Premium version of Malwarebytes Anti-Malware, which provides security based on artificial intelligence and machine learning and includes ransomware protection.

System Mechanic Ultimate Defense

If you're looking for an all-in-one system maintenance suite, System Mechanic Ultimate Defense has 7 core components providing powerful real-time protection, on-demand malware removal, system optimization, data recovery, a password manager, online privacy protection and secure drive-wiping technology. Due to this wide range of capabilities, it deserves Geek's Advice approval. You may also be interested in its full review.

