- Home
- Detectable Ransomware
- BlackKingdom
Ransomware Research
BlackKingdom Ransomware
BlackKingdom is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on February 1, 2020, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: BlackKingdom 2.0, BlackKingdom NextGen, Black_Kingdom, DemonCrypt, DemonWare, CoderWare.
Quick Facts
- Ransomware Family
- BlackKingdom
- First Seen
- February 1, 2020
- Known Aliases
- BlackKingdom 2.0BlackKingdom NextGenBlack_KingdomDemonCryptDemonWareCoderWare
How BlackKingdom Ransomware Works
Targeted Files
Written in Python (PyInstaller) 866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc -> random suffixes
File Encryption Patterns
BlackKingdom modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..DEMON
..svyx
./\.[a-zA-Z0-9]{4,7}$/
Ransom Note and Payment Demands
After encrypting files, BlackKingdom displays ransom notes demanding payment for file recovery:
README.txt
Ransom message:
notes/README.txt
Note locations:
Desktop
decrypt_file.TxT
Ransom message:
notes/decrypt_file.TxT
Note locations:
EveryFolder
Technical Indicators
Associated Executable Files
The following executable files are associated with BlackKingdom ransomware:
847612.exe
1.bin
payload.txt.bin
payload.exe
DemonWare Ransomware.exe
importantdoc.exe
CyberPunk2077.exe
scnrlyxizaefumt.exe
msotuzbphqgalky.exe
FREE VBUCKS GENERATOR 2021 FREE NO FAKE 1 LINK MEGA 100% REAL.exe
Elastio Can Help You
Don't let BlackKingdom ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This BlackKingdom ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like BlackKingdom.
Last updated: July 30, 2025