Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Can't be uninstalled via Control Panel

BlackKingdom Ransomware

Where did BlackKingdom Ransomware come from? That is the million-dollar question, and we would love to know the answer as well. Unfortunately, the creator of this malware is concealed, and we do not even know if that creator is responsible for anything else. How is this malware distributed? That is another unknown. Perhaps it is mostly spread via spam emails (the launcher is executed after an attached file is opened), but perhaps the attacker behind it is using RDP vulnerabilities, malicious downloaders, or third-party malware as well. Unfortunately, there are plenty of ways for malicious infections to infiltrate a system, and it is up to you to ensure that all security vulnerabilities and backdoors are closed. That is easiest to do by implementing trusted anti-malware software. If this software is not installed, you might find yourself having to remove BlackKingdom Ransomware. Unfortunately, even if you delete this threat successfully, your files cannot be salvaged.

How did you learn about the existence of BlackKingdom Ransomware within your Windows operating system? Were you introduced to a red window that displayed a message? Perhaps you first saw a file named "README.txt"? Both the window and the text file represent the same message. It claims that all “Data, documents, Videos, Photos, Databases, servers, outlook emails” and other personal files were encrypted. According to our research team, that is not the case. It appears that this malware only encrypts files in the %USERPROFILE%\Desktop, %USERPROFILE%\Downloads, %USERPROFILE%\Documents, and %USERPROFILE%\Pictures folders. Also, it only appears to encrypt files with these extensions: ".tar", ".zip", ".ico", ".png", ".csv", ".txt", ".mp4", ".docx", ".ogg", ".dump", ".xls", ".doc", ".gif", ".7z", ".mp3", ".iso", ".odt", ".ppt", ".ods", ".rar", ".jpg", ".jpeg", ".exe", ".key", ".pdf". Once these files are encrypted, you should find the “.DEMON” extension attached to their names. This is why BlackKingdom Ransomware might be known as DEMON Ransomware as well. Of course, even if the threat only encrypts files in those folders, it can still do a lot of damage.
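To scope the damage before restoring from backups, the folders and the ".DEMON" marker described above can be inventoried with PowerShell. This is an added example, not part of the original article; it assumes the marker is appended to the full original file name (for example "report.docx.DEMON"), that subfolders are affected as well, and it uses a hypothetical output file name.

```powershell
# Added example, not from the original article. Read-only: nothing is modified.
$folders = 'Desktop', 'Downloads', 'Documents', 'Pictures' |
    ForEach-Object { Join-Path $env:USERPROFILE $_ }

# Extensions the article lists as targeted.
$listed = '.tar', '.zip', '.ico', '.png', '.csv', '.txt', '.mp4', '.docx', '.ogg',
          '.dump', '.xls', '.doc', '.gif', '.7z', '.mp3', '.iso', '.odt', '.ppt',
          '.ods', '.rar', '.jpg', '.jpeg', '.exe', '.key', '.pdf'

$hits = @(foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    # Assumption: subfolders are searched too; the article names only the top-level folders.
    Get-ChildItem -LiteralPath $folder -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.DEMON' } |
        ForEach-Object {
            # Assumption: "report.docx.DEMON" -> BaseName "report.docx" is the original name.
            $origExt = [System.IO.Path]::GetExtension($_.BaseName).ToLowerInvariant()
            [pscustomobject]@{
                Folder        = $folder
                OriginalName  = $_.BaseName
                OriginalExt   = $origExt
                InListedSet   = $listed -contains $origExt
                LastWriteTime = $_.LastWriteTime
                FullName      = $_.FullName
            }
        }
})

# Per-folder counts and the time window in which the files were last written.
$hits | Group-Object Folder | ForEach-Object {
    $times = $_.Group.LastWriteTime | Sort-Object
    [pscustomobject]@{
        Folder = $_.Name
        Files  = $_.Count
        First  = $times | Select-Object -First 1
        Last   = $times | Select-Object -Last 1
    }
} | Format-Table -AutoSize

# Renamed files whose original extension is outside the listed set need a manual look.
$hits | Where-Object { -not $_.InListedSet } | Select-Object -ExpandProperty FullName

# Copies of the ransom note in the same folders.
Get-ChildItem -LiteralPath $folders -Recurse -File -Filter 'README.txt' -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime

# Hypothetical output file: the list to match against backups.
$hits | Export-Csv -Path (Join-Path $env:TEMP 'demon-inventory.csv') -NoTypeInformation
```

The OriginalName column gives the file names to look for in backups stored outside the infected computer.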

If your most important personal documents and photos were encrypted by BlackKingdom Ransomware, you might be paying closer attention to the ransom note than is recommended. According to it, you can recover all files if you pay a ransom of $10,000 within 10 hours (600 minutes). The ransom is supposed to be paid in Bitcoin to the 3MdnThXfyPfjCVihXkbR3i15m4BFN3Rhi7 Bitcoin Wallet. This is an active wallet, and it had two unique transactions at the time of publication. The ransom note also lists an email address that you are welcome to use to contact the attackers. Needless to say, we do not recommend taking a risk this huge. If you email the attacker behind BlackKingdom Ransomware, they could send you emails containing new malware components, or they could try to milk more money from you. If you have already contacted the attackers, their bla bla blas should be disregarded. Also, do not waste your money. You are unlikely to get a decryptor even if you pay the ransom twice.

Our hope for you is that you have copies of all encrypted files. If these copies are located outside the infected computer, as soon as you delete BlackKingdom Ransomware, you can use them to replace the encrypted files. Have you located a decryptor that claims to be capable of restoring all files? Make sure that it is legitimate. If it is presented by an unknown company, or if you are asked to pay for it, it is possible that it was created to scam you or even help new infections slither in. Of course, removing BlackKingdom Ransomware is important regardless of what happens to the files. If you can locate the launcher of this malware, you might be able to delete this malware manually. If the infection’s ransom note window is still open, you can try catching the file via a running process. You can learn how to do it using the guide below. That said, we advise using anti-malware software for the full removal. Even if you can delete the threat yourself, you might be unable to safeguard the system against new attackers, and anti-malware software was built for that.

BlackKingdom Ransomware Removal

  1. Tap Ctrl+Shift+Esc keys on the keyboard to launch the Task Manager.
  2. Click the Processes tab and look for the malicious {unknown name} process.
  3. If you can identify a ransomware process, right-click it and choose Open file location.
  4. Go back to the malicious process, select it, and click End process.
  5. Go to the location of the malicious {unknown name}.exe file and Delete it.
  6. Also, Delete the ransom note file named README.txt.
  7. Empty Recycle Bin, quickly install a trusted malware scanner, and run a full scan.
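
Steps 1 to 3 can also be done from PowerShell, which shows the executable path of every windowed process at once instead of one "Open file location" click per process. This is an added example, not part of the original article; it assumes the ransom note window is still open (so the process owns a visible window) and treats an unsigned executable inside the user profile as a candidate for review, not as proof of infection.

```powershell
# Added example, not from the original article. Read-only: no process is stopped.
Get-Process |
    Where-Object { $_.MainWindowHandle -ne 0 -and $_.Path } |
    ForEach-Object {
        $file = Get-Item -LiteralPath $_.Path -ErrorAction SilentlyContinue
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.Path -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name          = $_.ProcessName
            Id            = $_.Id
            WindowTitle   = $_.MainWindowTitle
            Signature     = $sig.Status
            # Assumption: a launcher opened from an email attachment or a download
            # usually runs from somewhere under the user profile.
            InUserProfile = $_.Path.StartsWith($env:USERPROFILE,
                                [System.StringComparison]::OrdinalIgnoreCase)
            Created       = $file.CreationTime
            Path          = $_.Path
        }
    } |
    Sort-Object InUserProfile, Created -Descending |
    Format-Table -AutoSize -Wrap
```

Processes whose path cannot be read without elevation are skipped, so run this from an elevated prompt for a complete list.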