Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Black Mamba (possibly not Xorist)

  • This topic is locked This topic is locked
1 reply to this topic

#1 Glib


  • Members
  • 12 posts
  • Local time:01:58 PM

Posted 27 June 2017 - 08:03 PM

Hi, last month I was able to follow the instructions to remove Xorist ransomware from my computer (repairme2017@keemail.me)


I saw the other thread that said the Black Mamba ransomware was Xorist, but the emsisoft software is not able to find a key for this.  I have tried a pair of 334kb files and 6MB files, but no luck.  The affected filename ends with either [.BLACK_MAMBA_Files@QQ.COM] or [BLACK_MAMBA_Files@QQ.COM.BLACK_MAMBA_Files@QQ]  The strange thing is that sometimes it is only the file name that is affected and not always the filetype.  When the filetype is changed, it is [BLACK_MAMBA_Files@QQ File]


It looks like the same message as the other thread so not sure what else to do.  The software reaches 100% of key space exhausted and a message is displayed stating 'Files need to be at least 510 bytes long'.



All your important files were encrypted on this computer.

You can verify this by click on see files an try open them. 
Encrtyption was produced using unique KEY generated for this computer. 
To decrypted files, you need to otbtain private key. 
The single copy of the private key, with will allow you to decrypt the files, is locate on a secret server on the internet;
The server will destroy the key within 24 hours after encryption completed.
To retrieve the private key, you need to pay 4 bitcoins
Bitcoins have to be sent to this address: 1JjKYDsYrJGPCzLGGmFL8nM7AvUncd2wYW
After you've sent the payment send us an email to : BLACK_MAMBA_Files@QQ.COM with subject : ERROR-ID-63100666(4BTC)
If you are  not familiar with bitcoin you can buy it from here :
SITE : www.localbitcoin.com
After we confirm the payment , we send the private key so you can decrypt your system.

Edited by Glib, 27 June 2017 - 08:18 PM.

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,920 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:58 AM

Posted 28 June 2017 - 05:46 AM

We have had two recent reports about this variant...one in this topic and another here.

All questions about Xorist or any of its variants should be posted in the primary support topic discussion noted below.Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion. To avoid unnecessary confusion, this topic is closed.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users