BlackKnight2020 ransomware is a screenlocker malware that locks the screen, preventing users from using the computer. However, it is easily unlockable by typing in the code BlackKnight2020.
When users infect their computers with BlackKnight2020 ransomware, their screens become locked, preventing them from doing anything. Fortunately, this is not file-encrypting malware, merely a screenlocker. When users initiate the malware, a screen will appear saying “Your computer has been locked!”. According to the message, the screen was locked because a “bad file” was opened, or a “bad link” was pressed. Victims are asked to pay $100 to unlock the screen, otherwise the malware will supposedly wipe the drive in 2 hours.
Since this is not actual ransomware, files are not encrypted. And victims certainly do not need to pay $100, as the code BlackKnight2020 should unlock the screen. Users then need to scan their computers with anti-malware software in order to remove BlackKnight2020 ransomware from their computers.
When it comes to ransomware, paying is not recommended, whether a free file recovery or screen unlock method is available or not. Users should keep in mind that they are dealing with cyber criminals, and it’s doubtful they will keep their end of the deal. Users dealing with file-encrypting malware may get broken decryptors or not get one at all. And those dealing with screen lockers may not get the code that would unlock the screen. Furthermore, paying cyber criminals only encourages them to continue their criminal activity.
The malware uses the usual methods of distribution, such as spam emails, torrents, etc. This will be explained below.
How does malware infect a computer?
It’s not uncommon for malware to infect computers of users who have bad browsing habits. If users carelessly use torrents to pirate content, open email attachments without double-checking, click on ads when on high-risk websites, etc., they have a high chance of picking up some kind of malware.
Spam emails are often used to spread all kinds of malware, including ransomware. Cyber criminals purchase leaked email addresses from hacking forums and launch email spam campaigns using them. Those emails attempt to convince users to open email attachments, which would trigger malware. In many cases, the emails are quite obviously malicious. For example, while the senders pretend to be from legitimate/official companies, their email addresses are unprofessional or completely random. They’re also usually full of grammar and spelling mistakes. Overall, when dealing with unsolicited emails with attached files, users should be very careful. It’s suggested to scan the attachments with anti-malware software or VirusTotal.
Pirating copyrighted content also often leads to a malware infection. Torrent sites are often not regulated properly, meaning cyber criminals can easily disguise their malware as a popular movie, TV series, games, etc. Downloading software cracks can also lead to malware.
Finally, we advise users to enable automatic updates whenever possible, and install updates manually when necessary. Updates patch known vulnerabilities, which can be used by malware to get in.
What does BlackKnight2020 ransomware do?
The BlackKnight2020 screenlocker is a very noticeable infection because it literally locks the screen, preventing users from doing anything. On a dark background with red skulls, a message will appear saying that the computer has been locked. If users press “Get me Outta Here”, instructions will appear on the screen. Victims are asked to pay $100 in Perfect Money or Bitcoins. Once the payment is made, the code to unlock the computer will supposedly be sent to victims. According to the note, the malware will wipe the hard drive if the payment is not made within 2 hours.
Here is the note that appears on the lock screen:
Your Computer has been locked !
Your Computer has been locked and functions disabled, this is because you accessed
a bad file or you accessed a bad link. Which ever be the case click
the button “Get me Outta Here”
[Get me Outta Here]
Getting Out is Pretty Easy….
— Make a payment of $100 using any of the mentioned payment portal
** Perfect Money (U24482992)
** BTC CONTACT US (email@example.com)
— Send payment confirmation to email firstname.lastname@example.org
— After confirmation the unlock code will be sent to you
DONT BE A SMART A**. The lockscreen has a timer and this is set to drive wipe after 2 hours.
As it stands your drive is currently unaccessible.
Enter the code you received from us
Paying is not necessary, as the BlackKnight2020 unlock code is BlackKinght2020. Even if the code were not known, paying the ransom would not be recommended, as it would not necessarily lead to the desired outcome. Users are dealing with cyber criminals, and they should keep that in mind before agreeing to pay.
Users can unlock the screen by putting in the code BlackKinght2020. Once the screen is unlocked, users need to scan their computers with anti-malware software to delete BlackKnight2020 ransomware from their computers. Manual BlackKnight2020 ransomware removal is not recommended because this is a complex malware infection.
BlackKnight2020 is detected as:
- MSIL/LockScreen.AIW by ESET
- Ransom.Winlock by Malwarebytes
- HEUR:Trojan-Ransom.MSIL.Agent.gen by Kaspersky
- Win32:Trojan-gen by Avast/AVG
- Trojan.Gen.MBT by Symantec
- Trojan:Win32/Wacatac.D7!ml by Microsoft