A new armed variant of the infamous HiddenTear ransomware has been found, calling itself Black Feather.
When Black Feather infects a victim, it encrypts files with AES and appends the extension ".blackfeather" to each one. It leaves the following ransom note, "BLACK_FEATHER.txt".
This is a backup of the deposit address.
Send 0.3 BTC to decrypt your files
Validate payment in the program.
The malware appears to be spoofing an Adobe PDF document as usual, but goes an extra step and displays the following message to confuse the victim while it encrypts files.
There was an error opening this document. The file is damaged and could not be repaired.
When it has finished encrypting, the malware shows a form with the following text.
Welcome to Black Feather.
Thank you for downloading our software.
All of your files have been encrypted with a secure 256-bit HASH.
This means you can no longer access your files without the decryption key.
You can decrypt your files by paying us 0.3 BTC, this will remove the encryption
and give you full access to your files again.
The password is not saved anywhere, and is not sent to any server, so the criminals would not be able to supply the password for decryption.
If anyone has been hit by this ransomware, we recommend you do not pay the criminals. Please post here for assistance.
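To scope an infection, the two artefacts described above (the ".blackfeather" extension and the "BLACK_FEATHER.txt" note) can be inventoried per directory. The Python script below is an added example, not part of the original post; its function names and the sample directory tree are constructed for illustration, and the modification-time window assumes timestamps were not altered after encryption.

```python
import os
import tempfile
from collections import defaultdict

ENC_EXT = ".blackfeather"        # appended extension, from the write-up
NOTE_NAME = "BLACK_FEATHER.txt"  # ransom note name, from the write-up


def triage(root):
    """Return ({dir: {"encrypted": [original names], "note": bool}}, mtime window)."""
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    mtimes = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered == NOTE_NAME.lower():
                report[dirpath]["note"] = True
            elif lowered.endswith(ENC_EXT) and len(name) > len(ENC_EXT):
                # The name before the appended extension is the original file.
                report[dirpath]["encrypted"].append(name[:-len(ENC_EXT)])
                try:
                    mtimes.append(os.stat(os.path.join(dirpath, name)).st_mtime)
                except OSError:
                    pass  # unreadable entry: still listed, just no timestamp
    # Earliest/latest mtime bounds the encryption run, assuming the
    # timestamps were not changed afterwards (assumption, not from the page).
    window = (min(mtimes), max(mtimes)) if mtimes else None
    return dict(report), window


def build_sample(root):
    """Create a small constructed directory tree for the demonstration."""
    layout = {
        "Documents": ["report.docx.blackfeather", "scan.PDF.BLACKFEATHER", "todo.txt"],
        "Desktop": ["BLACK_FEATHER.txt", "shortcut.lnk"],
        "Music": ["song.mp3"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            with open(os.path.join(root, folder, name), "wb") as fh:
                fh.write(b"constructed sample data")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        found, window = triage(tmp)
        for folder, info in sorted(found.items()):
            print(folder, len(info["encrypted"]), "encrypted, note:", info["note"])
        print("mtime window:", window)
```

Point triage() at a mounted copy of the affected volume rather than the live system, so the inventory does not disturb timestamps on the evidence.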