Blacknord@tutanota.com Ransomware

You may lose all your personal files if Blacknord@tutanota.com Ransomware finds a way to your system. This new malicious threat is indeed a new variant of RotorCrypt Ransomware. The strangest thing about this threat is that, just like its previous version, it does not provide you with a ransom note text file or an image to replace your desktop wallpaper with. You have to use the e-mail address in the extension this ransomware appends to your encrypted files in order to contact your attackers. For this reason, we have no information yet about the price of the decryption these criminals may offer. Please note that there is little chance for you to recover your files after this dangerous hit. Hopefully, you have a recent backup in cloud or on a removable hard disk, which you can use now to recover at least some of your files. But before you start copying your clean files back, we recommend that you remove Blacknord@tutanota.com Ransomware from your system as soon as possible. Keep in mind that this infection can start up automatically every time you restart your machine and encrypt your newly created or downloaded files.

The cyber criminals behind this severe threat use spam campaigns to distribute this malware infection. It may appear as an attached file, most likely an image or text document, but it might also be offered as a link in the message leading to a file storage place. This mail may claim to come from a known institution, company, or even the authorities. The subject can be anything urgent-looking like an unpaid invoice, an online booking of some sort (hotel or flight ticket) gone wrong, problems with the banking details you may have given while shopping online, and so on. Most people would easily believe this spam and click to open it. You should know that opening this mail may not be the biggest problem as there would still be a way out. However, once you click to save and view the attachment, you doom your files. From that point there will be no way for you to remove Blacknord@tutanota.com Ransomware without leaving your files encrypted. In other words, even if you delete this dangerous ransomware, it does not mean that your files will be recovered. Unfortunately, we have not find any free decryption tool yet that you could use to restore your encrypted files.

We have no information yet regarding the encryption algorithm used by this dangerous ransomware program. One thing is sure though: Your personal files will be encrypted in no time. This means the possible loss of your photos, videos, audios, databases as well as archives. Clearly, this ransomware tries to hit you hard enough to make you want to pay for the decryption of your files. The encrypted files are easy to spot since they will have a very long extra extension, "!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve." As a matter of fact, this extension also serves like sort of a ransom note as it instructs you to send an e-mail to "blacknord@tutanota.com" for the solution, i.e., information about the decryption of your files. We do not encourage you to contact these cyber crooks because they may not give you the decryption key or tool in the end anyway. It is most likely that you have to pay in Bitcoin; although, we have no clue about the amount yet. It could be anything between 100 and 10,000 dollars, to be frank. No wonder why we recommend that you delete Blacknord@tutanota.com Ransomware as soon as possible.

It is important that you remove the Run registry entry this ransomware creates because it can start up this threat every time you log into Windows. Then, you can delete all related files found on your system. You can use our instructions below but only do so at your own risk since making modifications to your registry database could be risky if you are not an advanced user. For the best possible protection of your precious PC, we suggest that you install a reliable anti-malware program, such as SpyHunter as soon as possible.

Remove Blacknord@tutanota.com Ransomware from Windows

1. Tap Win+R and enter regedit. Click OK.
2. Locate the "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | HYxqzAVO" value name.
3. Memorize and delete its value data since it contains the location of the malicious .exe file. (e.g., "C:\Users\user\AppData\Local\Google\tyLoByHE.exe" or "C:\Users\user\AppData\Local\Mozilla\ZqnMZCvo.exe")
4. Close your editor.
5. Press Win+E to open your File Explorer.
6. Locate and delete the malicious .exe based on the Run registry value name (e.g., "C:\Users\user\AppData\Local\Google\tyLoByHE.exe" or "C:\Users\user\AppData\Local\Mozilla\ZqnMZCvo.exe").
7. Delete the downloaded malicious file.
8. Empty your Recycle Bin.
9. Reboot your PC.