
BadBlock Ransomware

Posted: May 23, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 5
First Seen: May 23, 2016
Last Seen: February 13, 2019
OS(es) Affected: Windows


The BadBlock Ransomware is a combination file encryptor and decryptor Trojan. It uses an encryption algorithm to block access to your data and loads a ransom message demanding a Bitcoin payment before its decryption feature will be used. Since recovering content from a backup is more dependable than paying con artists, malware experts recommend keeping redundant file copies on separate platforms, along with conventional anti-malware products for detecting or removing the BadBlock Ransomware.

A Bad Time for Each Block of Your Data

The BadBlock Ransomware is a threat whose activities were first identified in late May of 2016. While its payload includes the same essential encryption-based, hostage-taking functionality as any file encryptor Trojan, other deviations from threat standards make it clear that the BadBlock Ransomware is most likely a unique, independently developed threat. Malware experts can nonetheless confirm that its payload centers on delivering ransom messages demanding Bitcoin payments, backed by a data-encrypting routine that blocks your files.

The BadBlock Ransomware still scans for files on your PC based on their formats but, unlike most file encryptors, does not append a new extension to their names. Just like the content of a password-protected archive, content encrypted by the BadBlock Ransomware can't be opened without the 'password,' which, in this case, is a decryption key.
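Because the file names and extensions stay unchanged, rename-based checks find nothing; a defender instead has to look at the content itself. The following added example (not code from the original article) triages files by comparing their leading bytes against the magic number their extension implies and by measuring byte entropy, which approaches 8 bits per byte for ciphertext. The file names and byte blobs are constructed sample data, not captured from an infection.

```python
"""Triage files that may have been encrypted in place, with names left intact."""
import math
import random
from collections import Counter

# Magic numbers that a file with this extension normally starts with.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",  # OOXML documents are ZIP containers
    ".zip": b"PK\x03\x04",
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(name: str, data: bytes, threshold: float = 7.5) -> dict:
    """Flag a file whose header no longer matches its extension and whose
    content has ciphertext-like entropy. header_ok is None for unknown types."""
    ext = name[name.rfind("."):].lower() if "." in name else ""
    expected = MAGIC.get(ext)
    header_ok = None if expected is None else data.startswith(expected)
    entropy = shannon_entropy(data[:65536])  # sample the first 64 KiB only
    suspicious = header_ok is False and entropy >= threshold
    return {"name": name, "header_ok": header_ok,
            "entropy": round(entropy, 2), "suspicious": suspicious}


def build_samples() -> dict:
    """Constructed inputs: an intact PNG-like file and a PDF-named blob whose
    content has been replaced by seeded pseudo-random bytes standing in for ciphertext."""
    intact = MAGIC[".png"] + bytes(4096)          # valid header, low-entropy body
    encrypted = random.Random(2016).randbytes(4096)  # header gone, ~8 bits/byte
    return {"photo.png": intact, "invoice.pdf": encrypted}


if __name__ == "__main__":
    for fname, blob in build_samples().items():
        print(triage(fname, blob))
```

Running this over a real file tree means reading each file's first 64 KiB and passing it to triage(); a hit is a lead for investigation, not proof, since legitimately compressed or encrypted containers also score high.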

Last, the BadBlock Ransomware also drops an image on the infected PC's hard drive. This graphic provides the ransom instructions for accessing the BadBlock Ransomware's decryption function, which its administrators supposedly unlock after receiving their Bitcoin payment. Compared to similar threats, malware experts note that the BadBlock Ransomware's fee is relatively high, with the current USD value at nearly nine hundred dollars.

Cracking the Baddest Threat on the Block

The expense of the BadBlock Ransomware's extortion demands stands in sharp contrast to the internal data-obfuscation functions meant to keep victims from decrypting their files themselves. Preliminary research suggests that developing independent decryption solutions for the BadBlock Ransomware is possible, although malware experts have not yet confirmed the release of such products. Where appropriate, samples of the threat and of encrypted files can be sent to PC security institutions to assist with their research.

Most encryption Trojans don't incorporate the decryption half of the ransom transaction into their program code. The BadBlock Ransomware is an exception to this rule, which also requires the Trojan to maintain in-memory persistence indefinitely. A PC owner whose machine is infected by the BadBlock Ransomware should assume that it is always active until terminated manually. Its authors appear to have taken no steps to disguise the BadBlock Ransomware's separate memory process, which you may see through the Task Manager application.

Until a decryptor becomes available, free solutions to the BadBlock Ransomware consist of blocking its installation routine or using traditional data protection strategies. In particular, malware experts encourage keeping any valuable information in multiple locations, such as an extra USB device that you can keep isolated from a potentially compromised computer. Then you can delete the BadBlock Ransomware with your anti-malware tools, restore your files from a backup, and be no poorer for the experience.
