BLACKNET-00 is described as a fully GUI-driven ransomware builder sold for $500, enabling zero‑skill users to generate and deploy professional‑grade ransomware. The threat actor Infrastructure Destruction Squad announced the platform via Telegram, emphasising its one‑click payload generation and a modular interface that requires no programming knowledge.
Its architecture supports layered encryption (AES‑256, RSA, ChaCha20), a Tor‑backed C2 with Domain Generation Algorithms, and built‑in data exfiltration, while also including anti‑analysis features such as Anti‑VM and Anti‑Sandbox detection and delayed execution to defeat sandbox monitoring.
The builder’s capabilities extend to disabling Windows security components, facilitating persistence through Registry Run keys and Scheduled Tasks, and enabling self‑propagation over SMB and USB drives, with DLL hijacking and other techniques aimed at evading detection.
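For defenders, the behaviours listed above are individually common but rarely appear together on one host within minutes. The following added example (not code from the article or from the builder) correlates them per host over a sliding window. It assumes Sysmon event 13 (registry value set) and 3 (network connection), Security event 4698 (scheduled task created) and Windows Defender event 5001 (real-time protection disabled) have been normalized into dictionaries; the field names, host names, window and threshold are hypothetical.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RUN_KEY = r"\software\microsoft\windows\currentversion\run"  # also matches RunOnce

def classify(ev):
    """Map one normalized event (assumed schema) to a behaviour tag, or None."""
    src, eid = ev["source"], ev["id"]
    if src == "sysmon" and eid == 13 and RUN_KEY in ev.get("target", "").lower():
        return "run_key_persistence"
    if src == "security" and eid == 4698:
        return "scheduled_task_created"
    if src == "defender" and eid == 5001:
        return "realtime_protection_disabled"
    if src == "sysmon" and eid == 3 and ev.get("dst_port") == 445:
        return "outbound_smb"
    return None

def correlate(events, window=timedelta(minutes=10), min_behaviors=3):
    """Return {host: sorted tags} for hosts where at least min_behaviors
    distinct behaviours fall inside one sliding window."""
    per_host = defaultdict(list)
    for ev in events:
        tag = classify(ev)
        if tag:
            per_host[ev["host"]].append((datetime.fromisoformat(ev["time"]), tag))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            seen = {t for ts, t in hits[i:] if ts - start <= window}
            if len(seen) >= min_behaviors:
                alerts[host] = sorted(seen)
                break
    return alerts

# Constructed sample events for illustration; none of these come from the article.
SAMPLE = [
    {"time": "2025-02-01T10:00:05", "host": "WS-01", "source": "defender", "id": 5001},
    {"time": "2025-02-01T10:00:40", "host": "WS-01", "source": "sysmon", "id": 13,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"time": "2025-02-01T10:01:10", "host": "WS-01", "source": "security", "id": 4698},
    {"time": "2025-02-01T10:02:00", "host": "WS-01", "source": "sysmon", "id": 3, "dst_port": 445},
    {"time": "2025-02-01T09:00:00", "host": "WS-02", "source": "security", "id": 4698},
    {"time": "2025-02-01T15:00:00", "host": "WS-02", "source": "sysmon", "id": 13,
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\app"},
]
```

Calling `correlate(SAMPLE)` flags WS-01, where four behaviours occur within two minutes, and leaves WS-02 alone because its two events are hours apart.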
Contextually, the article notes a 149% year‑over‑year increase in ransomware incidents in January 2025 and about 1,200 distinct cases in five weeks, underscoring a rapid shift towards commodified, low‑skill attack capabilities in the 2025–2026 threat landscape.