What is Blackout ransomware? And how does it work?

Blackout ransomware is a file-encoder virus that claims to tests “the protection of OS Windows against ransomware”. It deceives its victims into thinking that they have to test their Windows operating system against ransomware infections. However, once you “test” your OS, the malware will tell you that your files got “accidentally” encrypted. It was developed using the HiddenTear open source platform. After the so-called “test”, it starts to scan your computer for files. According to our researchers, it mostly targets files under these locations: %PUBLIC%, %USERPROFILE% and %ALLUSERSPROFILE%. What’s more is that aside from encrypting the files using AES algorithm, this virus also has the ability to lock .exe files. If the happens, you won’t be able to start your programs in any way. After the encryption, it drops a file named README_1183339_23654.txt containing the message below.

Blackout ransomware is a free open source software.
The program is designed to test the protection of OS Windows against ransomware.
The developer of this software is not responsible for any damage caused by the program.
The program is experimental, and the entire responsibility for use lies with the user.
To decrypt your files, you need the program blackout_decryptor.exe
If you do not have it, write to email: [email protected] or [email protected]
In the letter, send your personal id and two small encrypted files for trial decryption.
If you dont get answer from [email protected] or [email protected] in 72 hours,
you need to install Tor browser; you can download it here:
After installation, open the Tor browser to a website:
Do not waste time, but instead proceed to [email protected] removal stage.”

How does Blackout ransomware spread?

Since this is still a Windows-based malware infection, it’s pretty clear that Blackout ransomware’s distribution method is quite limited so it is most likely distributed through torrent or gaming sites. The malicious file created by this ransomware might be disguised in an application or files that can be found in such sites.

In addition, you can also get infected by opening malicious spam emails with corrupted attachments as well as exploit kits. In such cases, you have to keep your system protected by making sure that your antivirus program and operating system up-to-date.

Get rid of Blackout ransomware with the help of the following removal and recovery guidelines.

Step 1: Reboot your computer into Safe Mode
Windows XP/Vista/7
1. Reboot your computer.
2. Tap F8 when you see the BIOS screen.
3. Select Safe Mode from the Advanced Boot Options menu using the arrow keys on your keyboard.
4. Press Enter.
5. And then proceed to remove the Blackout ransomware.
Windows 8/8.1/10
1. Tap two buttons: the Windows key and C on your keyboard and click Settings (if you use Windows 8/8.1) or click on the Start button (if you use Windows 10).
2. Click Power.
3. Hold the Shift key and click Restart.
4. Click Troubleshoot.
5. Click Advanced options.
6. Click Startup Settings.
7. Click on the Restart button.
8. Tap F4.
9. Proceed removing the Blackout ransomware when your PC starts in Safe Mode.

Step 2: Open the Windows Task Manager by pressing Ctrl + Shift + Esc at the same time. Proceed to the Processes tab and look for Blackout.exe or any suspicious processes that can be related to this malware.

Right-click on the processes, then click Open File Location and scan them using a powerful and trusted antivirus like SpyRemover Pro. After opening their folders, end their processes and delete their folders. If the virus scanner fails to detect something that you know is suspicious, don’t hesitate to delete it.

Step 3: Open Control Panel by pressing Start key + R to launch Run and type appwiz.cpl in the search box and click OK.

Step 4: Look for Blackout ransomware or any suspicious program and then Uninstall.

Step 5: Hold down Windows + E keys simultaneously to open File Explorer.
Step 6: Go to the directories listed below and delete everything in it. Or other directories you might have saved the file related to Blackout ransomware.

  • %USERPROFILE%\Downloads

  • %USERPROFILE%\Desktop

  • %PUBLIC%



  • %TEMP%

Step 7: Look for the malicious components of Blackout ransomware and then delete all of them.
Step 8: Go to your desktop and look for the ransom note and remove it.
Step 9: Empty the Recycle Bin.
Step 10: Try to recover your encrypted files.

Restoring your encrypted files using Windows’ Previous Versions feature will only be effective if the malware hasn’t deleted the shadow copies of your files. But still, this is one of the best and free methods there is, so it’s definitely worth a shot.

To restore the encrypted file, right-click on it and select Properties, a new window will pop-up, then proceed to Previous Versions. It will load the file’s previous version before it was modified. After it loads, select any of the previous versions displayed on the list like the one in the illustration below. And then click the Restore button.

Follow the continued advanced steps below to ensure the removal of the Blackout ransomware:

Perform a full system scan using SpyRemover Pro. To do so, follow these steps:

  1. Turn on your computer. If it’s already on, you have to reboot it.

  1. After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.

  1. To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit Enter.

  1. Windows will now load the Safe Mode with Networking.

  1. Press and hold both R key and Windows key.

  1. If done correctly, the Windows Run Box will show up.

  1. Type in explorer
    A single space must be in between explorer and http. Click OK.

  1. A dialog box will be displayed by Internet Explorer. Click Run to begin downloading SpyRemover Pro. Installation will start automatically once download is done.

  1. Click OK to launch SpyRemover Pro.

  1. Run SpyRemover Pro and perform a full system scan.

  1. After all the infections are identified, click REMOVE ALL.

  1. Register SpyRemover Pro to protect your computer from future threats.

logo main menu

Copyright © 2023, FixMyPcFree. All Rights Reserved Trademarks: Microsoft Windows logos are registered trademarks of Microsoft. Disclaimer: is not affiliated with Microsoft, nor claim direct affiliation. The information on this page is provided for information purposes only. Protection Status

Log in with your credentials

Forgot your details?