BlackRuby Ransomware Removal & File Decryption Guide (Remove Malware Virus)

BlackRuby Ransomware : Worthy Facts That You Must Know About It


BlackRuby Ransomware has been identified by security analysts as one of the first crypto-threats to install the mining component on infected Computers. It is crafted by team of cyber criminals in such a way that it can compromise any System executing on Windows based Operating System including Windows XP, Vista, Server, Me, NT, 7, 8/8.1 and the recent version Windows 10. It has been programmed to perform the data encryption procedure on the victimized System. It can targets everyone System users except the Computer user who are located in the Iran. Before getting too much details about this ransomware, take a closer look at the ransom message of this ransomware through which user can easily identify about its presence :

Ransom Note of BlackRuby Ransomware

Transmission Preferences of BlackRuby Ransomware

Being a ransomware infection, BlackRuby Ransomware uses couple of ways to compromise Windows System but mainly spread via spam emails. Cyber hackers have skill to develop the spam email letter disguised as invoices from the trusted or well-known companies. You must be aware from those convincing emails. When any System user open those malicious attachment, it secretly infiltrate inside the Windows System without their awareness. Besides spam campaigns, it also victimized Windows System via bundling method, torrent files, gambling sites, contaminated devices and many more.

File Encryption Procedure of BlackRuby Ransomware

According to the report of security analysts, this ransomware has been designed to lock all files stored on Windows System including music, pictures, text, databases, eBooks, spreadsheets, presentations and PDFs. After infecting files, it renames the original filename with 'Encrypted_%[random characters]%.BlackRuby' string. Additionally it drop the modified version of the XMRig and mine for the Monero. The mining component of such a ransomware is likely to be installed to AppData directory.

Once performing the file encryption procedure successfully, it makes almost all stored files inaccessible and after that presented the ransom note in desktop screen entitled as "how-to-decrypt-files.txt". The text file instructs victims about file encryption and directs System users to transfer the 650 USD bitcoin to digital wallet. Hackers may also invite victims to purchase the unique decryption key "Black Ruby Decryptor" and communicate with them through provided email address, "[email protected]".

Ransom Message Displayed by BlackRuby Ransomware

Once seeing ransom message of BlackRuby Ransomware, most of the Computer users easily tricked by it and they decided to make contact with cyber criminals but it is totally worst decision at all because there is no any assurances delivered by its creators that it will provide you the decryption key even paying the huge amount of ransom fee. To get files back and decrypt them, backup is one of the best solution but if you want to keep your valuable data safe for future then you must delete BlackRuby Ransomware from the compromised machine.


Free Scan your Windows PC to detect BlackRuby Ransomware


Remove BlackRuby Ransomware From Your PC

Step 1: Remove BlackRuby Ransomware in Safe Mode with Command Prompt

  • First of all disconnect your PC with network connection.
  • Click restart button and keep pressing F8 key regularly while system restart.


  • You will see “Windows Advanced Options Menu” on your computer screen.

Windows Advanced Options Menu

  • Select “Safe Mode with Command Prompt” and press Enter key.

safe mode with command promt

  • You must login your computer with Administrator account for full privilege.


  • Once the Command Prompt appears then type rstrui.exe and press Enter


  • Now follow the prompts on your screen to complete system restore.

Step 2: Remove BlackRuby Ransomware using MSConfig in Safe Mode:

  • Power off your computer and restart again.
  • While booting press the “F8 key” continuously to open “Windows Advanced Options Menu”.


  • Use the arrow keys to select “Safe Mode” option and press Enter key.

Safe mode

  • Once system get started go to Start menu. Type “msconfig” in the search box and launch the application.


  • Go to the Startup tab and look for files from %AppData% or %Temp% folders using rundll32.exe. See an example below:

C:\Windows\System32\rundll32.exe C:\Users\username\appdata\local\temp\regepqzf.dll,H1N1

  • Disable all the malicious entries and save the changes.
  • Now restart your computer normally.

Step 3 : Kill Malicious Process Related To BlackRuby Ransomware

  • Press Alt+Ctrl+Del buttons together.


  • It will open the Task manager on your screen.
  • Go to Process Tab and find BlackRuby Ransomware related process.
  • Click the End Process Now button to stop the running process.

Step 4 : Remove BlackRuby Ransomware Virus From Registry Entry

  • Press “Windows + R” key together to open Run Box.


  • Type “regedit” and click OK button.


  • Find and remove BlackRuby Ransomware related entries.












Now hopefully you have completely removed the BlackRuby Ransomware virus from your computer. If you are still get ransom message from the threat or unable to access your files, then it means that virus still remain into your computer. In such situation you don’t have any other option except removing this virus using any powerful malware removal tool.

Whereas if you have any backup of your infected or encrypted files, then you can also reinstall your Windows OS. This will erase all your files and data as along with the BlackRuby Ransomware infection. You will get a completely empty computer system with no files. Now you can use your backup to get your files. If you don’t have any backup then using malware removal tool is a better option for you.


If you have any query or question regarding your computer, then you can easily ask your problem to our experts. Go to the Ask Any Question page and get the answer for your query directly from out experts.