Security Stronghold security made easy

How to remove BlackRuby2 Ransomware and decrypt .BlackRuby-2 files

* What is BlackRuby2 Ransomware

* Download WiperSoft Antispyware Malware Remediation Tool

* Remove BlackRuby2 Ransomware manually

* Decrypt files after BlackRuby2 Ransomware infection

* Protect your PC from BlackRuby2 Ransomware and other crypto-viruses

* Get Professional Support

* Read Comments

Threat indicator: HIGH

Threat's profile

Name of the threat:

Command or file name:

Threat type:

Affected OS:

BlackRuby2 Ransomware



Win32/Win64 (Windows XP, Vista/7, 8/8.1, Windows 10)

===================== Identification Key =====================


===================== Identification Key =====================

[Can not access your files?]

Congratulations, you are now part of our family #BlackRuby Ransomware. The range of this family is wider and bigger every day.
Our hosts welcome our presence because we will give them a scant souvenir from the heart of Earth.

This time, we are guest with a new souvenir called "Black Ruby". A ruby ​​in black, different, beautiful, and brilliant, which has been
bothered to extract those years and you must also endure this hard work to keep it. If you do not have the patience of
this difficulty or you hate some of this precious stone, we are willing to receive the price years of mining
and finding rubies for your relief and other people of the world who are guests of the black ruby.

So let's talk a little bit with you without a metaphor and literary terms to understand the importance of the subject.
It does not matter if you're a small business or you manage a large organization, no matter whether you are a regular
user or a committed employee, it's important that you have a black ruby and to get rid of it, you need to get back to
previous situation and we need a next step.

The breadth of this family is not supposed to stop, because we have enough knowledge and you also trust our knowledge.
We are always your backers and guardian of your information at this multi-day banquet and be sure that no one in the
world can take it from you except for us who extracts this precious stone.

We need a two-sided cooperation in developing cybersecurity knowledge. The background to this cooperation is a mutual trust,
which will result in peace and tranquility. you must pay us worth of Bitcoins for restore your system to the previous state and
you are free to choose to stay in this situation or return to the normal.

In the end, we have to mention a few things about the second version.
Black Ruby Despite the early and false judgments of the news media about the false reports of fraudulent and slander about not sending decryptor to victims,
the popularity of popular sites to attract visitors with the title "Black Ruby Removal", as well as blocking the allegedly secure service of
Proton Mail that it was only our only email and the uncertainty of dear customers,
is still standing and more powerful than before with the second version came to the field.

In this version, with a new approach and a small change, we are a guest of new hosts and also support the first version.
our hosts are patient, slightly angry and 100% trustworthy.
They know that the key is in our hands and titles like "Removing Black Ruby on the System", which are covered on most sites, is a big lie to
advertising purposes.
We have been working out deep earth for the extraction of black ruby and we have partnered with you to sympathize with us in this difficulty.
We know that you are the only good protector of the black ruby and our only honored miner.

Do not forget that your opportunity is limited. From these limits you can create golden situations. Be sure we will help
you in this way and to know that having a black ruby does not always mean riches. You and your system are poor,
poor knowledge of cybersecurity and lack of security on your system!



1. Copy "Identification Key".
2. Send this key with two encrypted files (less than 5 MB) for trust us to email address "" or on the Tor network
"TheBlackRuby@Torbox3uiot6wchz.onion" (register in the torbox3uiot6wchz.onion and then send your request to our email address)
3. We decrypt your two files and send them to your email.
4. After ensuring the integrity of the files, you must pay us with bitcoin and
send transaction code to our email (get our bitcoin address by email).
5. You get "Black Ruby Decryptor" Along with the private key of your system.
6. Everything returns to the normal and your files will be released.


[What is encryption?]

Encryption is a reversible modification of information for security reasons but providing full access to it for authorised users.
To become an authorised user and keep the modification absolutely reversible (in other words to have a possibility to decrypt your files)
you should have an "Personal Identification Key". But not only it. It is required also to have the special decryption software
(in your case "Black Ruby Decryptor" software) for safe and complete decryption of all your files and data.

[Everything is clear for me but what should I do?]

The first step is reading these instructions to the end. Your files have been encrypted with the "Black Ruby Ransomware" software;
the instructions ("HOW-TO-DECRYPT-FILES.txt") in the folders with your encrypted files are not viruses, they will help you. After reading
this text the most part of people start searching in the Internet the words the "Black Ruby Ransomware" where they find a lot
of ideas, recommendation and instructions. It is necessary to realise that we are the ones who closed the lock on
your files and we are the only ones who have this secret key to open them.

[Have you got advice?]

[*** Any attempts to get back you files with the third-party tools can be fatal for your encrypted files ***]
The most part of the tried-party software change data with the encrypted files to restore it but this cases damage to the files.
Finally it will be impossible to decrypt your files. When you make a puzzle but some items are lost, broken or not put
in its place - the puzzle items will never match, the same way the third-party software will ruin your files
completely and irreversibly. You should realise that any intervention of the third-party software to restore files encrypted
with the "Black Ruby Ransomware" software may be fatal for your files.

If you look through this text in the Internet and realise that something is wrong with your files but you do
not have any instructions to restore your files, please contact your antivirus support.

BlackRuby2 Ransomware intrusion method

BlackRuby2 Ransomware copies its file(s) to your hard disk. Its typical file name is Defender.exe. Then it creates new startup key with name BlackRuby2 Ransomware and value Defender.exe. You can also find it in your processes list with name Defender.exe or BlackRuby2 Ransomware. Also, it can create folder with name BlackRuby2 Ransomware under C:\Program Files\ or C:\ProgramData.

If you have further questions about BlackRuby2 Ransomware, please, contact our technical support. It is free. Or you can use programs to remove BlackRuby2 Ransomware automatically below.

Download Wipersoft Antispyware

Download this advanced removal tool and solve problems with BlackRuby2 Ransomware and Defender.exe (download of fix will start immediately):

Download WiperSoft Antispyware to remove BlackRuby2 Ransomware

* WiperSoft Antispyware was developed to remove threats like BlackRuby2 Ransomware in automatic mode. Remover has active module to protect PC from hijackers, trojans, ransomware and other viruses. Trial version of Wipersoft provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Wipersoft.

Features of WiperSoft Antispyware

* Removes all files created by viruses.

* Removes all registry entries created by viruses.

* Removal is guaranteed - if Wipersoft fails ask for FREE support.

* 24/7 Spyware Helpdesk Support included into the package.

Download Spyhunter Remediation Tool by Enigma Software

Download antimalware designed specifically to remove threats like BlackRuby2 Ransomware and Defender.exe (download of fix will start immediately):

Download AntiMalware to remove BlackRuby2 Ransomware

Features of Spyhunter Remediation Tool

* Removes all files created by BlackRuby2 Ransomware.

* Removes all registry entries created by BlackRuby2 Ransomware.

* Removal is guaranteed - if Spyhunter Remediation Tool fails ask for FREE support.

* 24/7 Helpdesk Support and 5 hours of Remote Support via GoToAssist included into the package.

Let our support team solve your problem with BlackRuby2 Ransomware and remove BlackRuby2 Ransomware right now!

support person

Submit support ticket below and describe your problem with BlackRuby2 Ransomware. Support team will offer you solution in several minutes and give a step-by-step instruction on how to remove BlackRuby2 Ransomware. Trouble-free tech support with over 10 years experience removing malware.

Submit support ticket

Software Industry Professionals Member
Threat's description and solution are developed by Security Stronghold security team.

Here you can also learn:

* Technical details of BlackRuby2 Ransomware threat.

* Manual BlackRuby2 Ransomware removal.

* Download WiperSoft Antispyware Malware Remediation Tool.

How to remove BlackRuby2 Ransomware manually?

This problem can be solved manually by deleting all registry keys and files connected with BlackRuby2 Ransomware, removing it from starup list and unregistering all corresponding DLLs. Additionally missing DLL's should be restored from distribution in case they are corrupted by BlackRuby2 Ransomware. However, this threat may not allow you to do htis in some cases, thats why, we recommednd you to use one of the above options.

To get rid of BlackRuby2 Ransomware, you should:

file logo

1. Kill the following processes and delete the appropriate files:

no information

Warning: you should delete only those files which checksums are listed as malicious. There may be valid files with the same names in your system. We recommend you to use WiperSoft Antispyware Malware Remediation Tool for safe problem solution.

**Trial version of Wipersoft provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Wipersoft.

windows folder logo

2. Delete the following malicious folders:

no information

windows registry logo

3. Delete the following malicious registry entries and\or values:

no information

Warning: if value is listed for some registry entries, you should only clear these values and leave keys with such values untouched. We recommend you to use WiperSoft Antispyware Malware Remediation Tool for safe problem solution.

How to decrypt .BlackRuby-2 files after BlackRuby2 Ransomware infection?

You may attempt to decrypt files infected by different versions of BlackRuby2 Ransomware manually. Modern ransomware threats use complex encryption algorithms and try to prevent users from decrypting their files by disabling System Restore option, removing Shadow copies and previous versions of user files. However, in most cases, there is still a chance to restore your files using one of the described metods. There is also special advanced data recovery software, that can revive lost data in several clicks. This is not a guarantee for data restoration, but it is worth giving a try.

Using advanced data recovery software

  1. Download and run 'Recuva Professional'
  2. Click on the result
  3. Choose the date before the infection appearance
  4. Follow the on-screen instructions

Restore encrypted files using System Restore

System Restore constantly creates copies of files and folders before major changes in the system (windows update, software installation). You can also create restore point manually from time to time. BlackRuby2 Ransomware may remove system restore files, but you can check it using following instruction.

windows system restore
  1. Click Start and search for 'system restore'
  2. Click System Restore result (Recovery in Windows 10)
  3. Choose any date before the infection appeared
  4. Follow the wizard instructions

Roll the files back to the previous version

Previous versions are copies of files and folders made by Windows Backup (if Windows Backup option is turned on) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were encypted by BlackRuby2 Ransomware. Available only in Windows 7 and later versions.

windows previous versions of files
  1. Right-click on the file and select Properties
  2. Click on the Previous Version tab
  3. Choose the latest version and click Copy
  4. Finally, click Restore

Restore .BlackRuby-2 files using shadow copies

shadow explorer
  1. Download Shadow Explorer and run it.
  2. Choose the drive and the folder, where encrypted files are located and date, when they were in normal state.
  3. Right-click on the folder, that you want to restore and choose Export.
  4. Select location folder for export and overview restored files.

Protect your computer from ransomware

Most of modern antivirus solutions have a module to protect from ransomware threats. However, there are also special solutions, that can detect cryptoviral activity and stop it, preventing modification of your files. One of the best is ZoneAlarm Anti-Ransomware utility, that will not use much resources for effective protection against latest ransomware threats.

zonealarm anti-ransomware
  1. Download and run ZoneAlarm Anti-Ransomware.
  2. Install it (works only on Windows).
  3. You are protected from encryption activity.

Information provided by: Aleksei Abalmasov

Next threat: Xorist-XWZ Ransomware »

« Back to catalog

Home | Partners | Shop | Support | Terms of use | Contact Us | Privacy Policy | Sitemap

Copyright © 2020 Security Stronghold. All Rights Reserved. All content on this website is protected and belongs to Security Stronghold LLC.