- Home
- Detectable Ransomware
- Black Worm
Ransomware Research
Black Worm Ransomware
Black Worm is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on December 1, 2018, this ransomware has been actively targeting systems worldwide.
Quick Facts
- Ransomware Family
- Black Worm
- First Seen
- December 1, 2018
How Black Worm Ransomware Works
Targeted Files
Doesn't work without C&C
File Encryption Patterns
Black Worm modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..bworm
Ransom Note and Payment Demands
After encrypting files, Black Worm displays ransom notes demanding payment for file recovery:
READ_IT.txt
Ransom message:
notes/READ_IT.txt
Note locations:
Desktop
Technical Indicators
Associated Executable Files
The following executable files are associated with Black Worm ransomware:
myfile.exe
ROBLOXHACK.bat
ef781910bc5e8aab3761591acadf8bb6.gxe
svchost.exe
Elastio Can Help You
Don't let Black Worm ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This Black Worm ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Black Worm.
Last updated: July 30, 2025