Click on screenshot to zoom
Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Changes default search engine

Blackmist Ransomware

We have recently tested a highly malicious program called Blackmist Ransomware which was designed to encrypt your personal files in an effort to make you pay a ransom to decrypt them and restore your computer to how it was before the infection. Unfortunately, you cannot trust the cybercriminals to keep their word, and we recommend that you remove this program because they might not keep their end of the bargain once you have paid. If your PC has been infected with this ransomware and toy want to find out more about it as well as how to get rid of it, please read the information presented below.

If Blackmist Ransomware happens to infect your computer, then we want to inform you that it will detect and enumerate running processes and collect information about your system. Furthermore, it will identify the default browser and terminate its process. It will also terminate explorer.exe, and taskmgr.exe. Then, it will check if your PC is connected to the Internet and delete its executable.

Once everything is in place, Blackmist Ransomware will encrypt your files with a unique Advanced Encryption Standard (AES) algorithm which does not have a free decryption key for this particular ransomware. Research has shown that this ransomware targets executables, documents, and pictures in particular as it was set to encrypt .png, .jpg, .docx, .rtf, .txt, and .exe file formats. It adds a “.blackmist” file extension to each encrypted file.

Once the encryption is complete, this ransomware will open its graphical user interface. If you click the Info tab, you will see that it demands 100 USD to unlock your PC. You are given 48 hours to pay the ransom. If you fail to meet the deadline, then a portion of your files will be deleted. If you delay the payment for an additional 48 hours, then this ransomware will delete all of your files including your operating system. You are required to pay the ransom in Bitcoins, so you have to buy some to pay the ransom. However, you should not do that as the cybercrooks might not keep their word and decrypt your files.

We have received information claiming that this ransomware is still in development, so many of the things in this ransomware are subject to change. Still, this program is more or less complete, so the full version should not have many overhauls. Blackmist Ransomware drops its main executable in %Temp%, and the name of the executable is modual.exe.

We believe that this ransomware ought to be distributed via email spam or bundled with other malicious software and put up for download on torrent websites, and the like. It might also be installed on your PC directly after clicking a malicious link that claims to be something else. However, email spam is the most likely method as it is the most effective. The emails can pose as tax return forms, invoices, and so on and the main executable can be disguised as a PDF document that will infect your PC when you open it.

As you can see, Blackmist Ransomware is one highly malicious computer infection, so you ought to get rid of it it as soon as possible before it can delete your files entirely or in part. We recommend using SpyHunter to erase this infection, but you can also use our manual removal guide to delete it yourself. Note that there is no free decryption program available for this ransomware, so you will not be able to decrypt your files.

Manual Removal Guide

  1. Press the Failsafe button on the top left of the screen.
  2. Hold down Windows+E keys.
  3. Type %Temp% in the File Explorer’s address box.
  4. Hit Enter.
  5. Locate modual.exe, right-click it and click Remove.
  6. Then, type %USERPROFILE%\Desktop and %USERPROFILE%\Downloads
  7. Locate the recently downloaded malicious file and delete it.
  8. Empty Recycle Bin.

Delete the PoE egistry keys

  1. Hold down Windows+R keys.
  2. Go to the following keys.
    • HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
    • HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
  3. Select Load which should contain %TEMP%\modual.exe in the data value section.
  4. Right-click it and click Delete.
  5. Close Registry Editor.
Download Spyware Removal Tool to Remove* Blackmist Ransomware
  • Quick & tested solution for Blackmist Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.