
Cockblocker Ransomware

Posted: November 25, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 10
First Seen: November 28, 2016
OS(es) Affected: Windows

The Cockblocker Ransomware is a Trojan that blocks your local content by encrypting it and demands a ransom in Bitcoin in exchange for a decryption service. Unprotected systems may experience file loss that's impossible to recover from, making prevention-oriented security steps essential. Always quarantine or remove the Cockblocker Ransomware with anti-malware products before making further decisions on how best to reverse the effects of its attacks.

A Trojan Dragging Your Files into 'Urban' Territory

The extortion methods and wording that Trojans direct at their victims are often clues to the background or operational status of the threat actors behind them. For file-encrypting Trojans, these details often amount to implied familiarity with recent cyber security news or internet memes. In other cases, like the newly found Cockblocker Ransomware, the messages deliver far more culturally specific information.

Although malware experts can't confirm any cases of live attacks with the Cockblocker Ransomware, the Trojan's development is sufficiently complete to allow it to conduct full attacks against compatible PCs. The Cockblocker Ransomware uses an initial encryption routine to encipher files based on common locations (such as the Windows 'Users' folder) and prevents any third-party decryption attempts with its second layer of RSA encryption. The appended '.hannah' extension lets victims detect the encoded content by name.

The Cockblocker Ransomware's pop-up interface provides the most colorful details of the Trojan's attack. Besides delivering standard ransom demands for one Bitcoin (approx. 734 dollars), the Trojan's pop-up text deliberately uses poor grammar and slang in the style of African-American Vernacular English. Despite its appearances, malware experts stress that this choice doesn't necessarily imply any particular ethnicity on the part of the threat actor. Similar campaigns often hijack widely known brands, such as Anonymous, to falsely portray their attacks as coming from other sources.

Getting Your Digital Jewels Unblocked Despite a Trojan's Best Efforts

While its development doesn't appear to be complete, the Cockblocker Ransomware currently targets English-speaking PC users. Two different versions of the Cockblocker Ransomware have been found to date: one uses the titular 'Cockblocker.exe' name, and the other uses an apparently random string of characters. In either case, updated anti-malware products should detect this threat before it can install itself and encode any content.

Malware experts find no correlations between the Cockblocker Ransomware and past families of file-encrypting Trojans, which further reduces the probability of free decryption solutions. Since backups offer a much more reliable and easily implemented way of preserving most content, PC owners with any documents or other media worth saving should consider duplicating them onto other drives or servers.

The Cockblocker Ransomware is a Windows-only program with a central executable of less than one megabyte in size. Having anti-malware protection with background threat-detecting features can help you remove the Cockblocker Ransomware or identify related threats, including any Trojan installers trying to turn this work-in-progress into a real problem for your files.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 315.9 KB (315904 bytes)
MD5: e2982778434438cce87e6f43493d63ce
Detection count: 18
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 2, 2016
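
A triage check built from the indicators this page lists (the '.hannah' extension, the executable's size of under one megabyte, and the MD5 given for file.exe). It is an added example, not code from the original page or from any anti-malware product; the function names and the `known_md5` parameter are assumptions of this example.

```python
import hashlib
import os

ENCRYPTED_EXT = ".hannah"                        # extension named on this page
SAMPLE_MD5 = "e2982778434438cce87e6f43493d63ce"  # MD5 listed for file.exe
MAX_EXE_SIZE = 1024 * 1024                       # page: executable is under 1 MB


def md5_of(path, chunk=65536):
    """Hash a file in chunks so large files are never loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, known_md5=(SAMPLE_MD5,)):
    """Return (encrypted_files, matching_executables) found under root."""
    known = {h.lower() for h in known_md5}
    encrypted, matches = [], []
    # onerror swallows unreadable directories so the walk keeps going
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                encrypted.append(path)
            elif lower.endswith(".exe"):
                try:
                    # Size pre-filter avoids hashing large, unrelated binaries
                    if os.path.getsize(path) < MAX_EXE_SIZE and md5_of(path) in known:
                        matches.append(path)
                except OSError:
                    continue  # locked or unreadable file: skip it
    return sorted(encrypted), sorted(matches)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    enc, exe = triage(target)
    print(f"{len(enc)} file(s) with the {ENCRYPTED_EXT} extension under {target}")
    for p in exe:
        print("matches listed sample hash:", p)
```

A hash match identifies only the one sample listed above; a build with a different hash, such as the randomly named variant, will not match, so the '.hannah' count is the more general signal.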