How to remove BlackMoon Ransomware and decrypt .cxk files

What is BlackMoon Ransomware

BlackMoon is another development of cybercriminals aimed at data encryption. So, this is a cryptovirus that shuffles user files using the AES algorithm. Judging by the content of the note, BlackMoon is aimed at Chinese users, however, according to our data, this has spread almost all over the world. After making any changes, the files cannot be used. Moreover, BlackMoon changes the extension of the infected files to .cxk. Also, the cryptovirus creates a special file *.txt (*-Chinese_Letters.txt) and changes wallpaper which contains information about what happened. You will find the images below:

remove BlackMoon ransomware

Fraudsters demand a ransom in the form of bitcoins for decrypting files. Also, the text file contains warning that the redemption amount will double every three days, which can seriously frighten users. However, you donэ’ even have to pay 1 cent for decryption. There is no guarantee that the scammers will really return your files, even if you pay the full price. You can read our tips to try to remove BlackMoon ransomware and decrypt your files.

remove BlackMoon ransomware

吾之电脑出了何事?
君之重文为我加密存矣。
照、图片、文档、缩包、音频、视频牍、exe牍等,殆有类之书尽加密矣,是以不能常开。
此与凡有质文损上之异。公大可在网上求复书之法,臣敢保证,无我之解密也,即天之不复此文档。
有无复此文档之法?
固有可复之法。只因我之解密役才复。吾以身保,安能供事者复效。
但是收费之,亦不可无限期之迟。
请点击< Decrypt按钮>,则可无偿还之文档。请君放心,我是不会诈也。
而欲复悉文档,须给点费e5a48de588b6e79fa5e9819331333363373163。
是否随时都可定金额给,则复之乎,固非,迟久不利于君给。
至三日内给费,过三日则倍费。
又有,一礼拜内不给,将永不复。
言于也,忘了告,于半年以上无钱给者,必有动无偿复,能否及子,则视君之运何如?。
给法
我只会受比特币。不知比特币何,请点击检详< About bitcoin >。
不能买比特币,请点击阅市法,< How to buy bitcoins >。
当审:给金额不减于窗上示之金额。
给后,请点击< Check Payment >按钮,以比特币之入帐,所需之时有点长,给后请待。
其正时为周至五,从上午九至十点
至账济后,可即始复事。
通也
若待我也帮组,请点击< Contact Us >,给我信!。
吾抗议,以免烦之烦,复工毕前,请勿闭或删其软件,且停杀毒软件。无论由何也,万一该软件被删矣,甚可致给后亦不复信也。

ENGLISH translation:

What happened to my computer?
Jun Zhizhong’s article is encrypted for me.
Photos, pictures, documents, shrink packs, audio, video clips, exe clips, etc., all kinds of books are encrypted, so they cannot be opened normally.
This is different from any qualitative text loss. The University of Hong Kong can seek the method of resuming the book on the Internet.
Is there any way to reproduce this document?
Inherently recoverable. Only because of my decryption campaign. I protect my life, and the safety can be restored.
However, the charges cannot be delayed indefinitely.
Please click the , then the document can be returned for free. Please rest assured that I will not cheat.
If you want to re-read the document, you must pay e5a48de588b6e79fa5e9819331333363373163.
Whether or not the amount can be given at any time, it will be the same, it is solid, and it will not be good for Jun to give it.
The fee shall be paid within three days or doubled after three days.
And again, if you do n’t give it within a week, it will never come back.
I said to you and forgot to tell, if you have no money for more than half a year, you will have to repay it for free. If you can get along, what is your luck?
Giving
I will only be affected by Bitcoin. I don’t know what bitcoin is, please click to check .
Can’t buy bitcoin, please click the market reading law, .
On trial: the amount given shall not be reduced to the amount shown on the window.
After giving, please click the button to enter the account in bitcoin. It takes a long time. Please wait after giving.
Its timing is from week to Friday, from 9 to 10 am
After the accounts are settled, the matter can be resumed immediately.
Tongya
If you want to help me, please click and write to me!
I protest to avoid troubles. Please do not close or delete its software and stop the anti-virus software before resuming work. Regardless of the reason, in case the software is deleted, even the letter will not be rewritten.


Wallpaper
remove BlackMoon ransomware
Like many viruses of this type, BlackMoon comes through unprotected user networks, taking the form of attachments in spam ezines or updates for programs and utilities. Moreover, this is due to the fact that users do not use antiviruses and other programs that can really protect your computer. Also, we suggest you familiarize yourself with our guides to remove BlackMoon and decrypt your files.

Well, there are 2 options for solving this problem. The first is to use an automatic removal utility that will remove the threat and all instances related to it. Moreover, it will save you time. Or you can use the Manual Removal Guide, but you should know that it might be very difficult to remove BlackMoon ransomware manually without a specialist’s help.

If for any reason you need to recover deleted or lost files, then check out our article Top 5 Deleted File Recovery Software

BlackMoon Removal Guide

Warning alert
Remember that you need to remove BlackMoon Ransomware first and foremost to prevent further encryption of your files before the state of your data becomes totally useless. And only after that, you can start recovering your files. Removal must be performed according to the following steps:

  1. Download BlackMoon Removal Tool.
  2. Remove BlackMoon from Windows (7, 8, 8.1, Vista, XP, 10) or Mac OS (Run system in Safe Mode).
  3. Restore .BlackMoon files
  4. How to protect PC from future infections.

How to remove BlackMoon ransomware automatically:

Get Malwarebytes

Malwarebytes antivirus may help you to get rid of this virus and clean up your system. In case you need a proper and reliable antivirus, we recommend you to try it.

If you’re Mac user – use this.

Manual BlackMoon Removal Guide

Here are step-by-step instructions to remove BlackMoon from Windows and Mac computers. Follow these steps carefully and remove files and folders belonging to BlackMoon. First of all, you need to run the system in a Safe Mode. Then find and remove needed files and folders.

Uninstall BlackMoon from Windows or Mac

Here you may find the list of confirmed related to the ransomware files and registry keys. You should delete them in order to remove virus, however it would be easier to do it with our automatic removal tool. The list:

BlackMoon.dll
_readme.txt
readme.txt

Windows 7/Vista:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to BlackMoon by using Removal Tool;
  5. Delete found files;

Windows 8/8.1:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to BlackMoon by using Removal Tool;
  5. Delete found files;

Windows 10:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to BlackMoon by using Removal Tool;
  5. Delete found files;

Windows XP:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to BlackMoon by using Removal Tool;
  5. Delete found files;

Mac OS:

  1. Restart the computer;
  2. Press and Hold Shift button, before system will be loaded;
  3. Release Shift button, when Apple logo appears;
  4. Find programs or files potentially related to BlackMoon by using Removal Tool;
  5. Delete found files;

How to restore encrypted files

You can try to restore your files with special tools. You may find more detailed info on data recovery software in this article – recovery software. These programs may help you to restore files that were infected and encrypted by ransomware.

Restore data with Stellar Data Recovery

Stellar Data Recovery is able to find and restore different types of encrypted files, including removed emails.

  1. Download and install Stellar Data Recovery
  2. Choose drives and folders with your data, then press Scan.
  3. Select all the files in a folder, then click on Restore button.
  4. Manage export location. That’s it!
Download Stellar Data Recovery

 

Restore encrypted files using Recuva

There is an alternative program, that may help you to recover files – Recuva.

  1. Run the Recuva;
  2. Follow instructions and wait until scan process ends;
  3. Find needed files, BlackMoon them and Press Recover button;

How to prevent ransomware infection?

It is always rewarding to prevent ransomware infection because of the consequences it may bring. There are a lot of difficulties in resolving issues with encoders viruses, that’s why it is very vital to keep a proper and reliable anti-ransomware software on your computer. In case you don’t have any, here you may find some of the best offers in order to protect your PC from disastrous viruses.

Malwarebytes

Get Malwarebytes

Malwarebytes is a reliable antivirus application, that is able to protect your PC and prevent the infection from the start. The program is designed to be user-friendly and multi-functional.

Leave a Reply

Your email address will not be published. Required fields are marked *