
Crypto-Blocker Ransomware

Posted: May 10, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 44
First Seen: May 10, 2017
OS(es) Affected: Windows

The Crypto-Blocker Ransomware is a file-encrypting Trojan that locks your files and uses pop-up messages to coerce you into paying a ransom. Although having an undamaged backup is the easiest way to keep this threat's payload from doing damage, free decryption solutions can also be used in lieu of making payments. A majority of anti-malware products can also remove the Crypto-Blocker Ransomware automatically on sight.

The Hacker Company Comes to Visit

Fake warnings are a hallmark of some threat actors who build file-encrypting threats and want to highlight the potential for further damage to your PC. However, such statements may be exaggerated or even fake, as the recently analyzed Crypto-Blocker Ransomware demonstrates. This Trojan couples attacks that block your files with bluffs about other attacks, to the point of claiming that it can make the entire PC unusable.

The Crypto-Blocker Ransomware adds its own '.corrupted' extension onto the local files it attacks, but, more importantly, also uses an AES or Rijndael cipher to encrypt them. Since their associated programs can't read the encrypted content, the Crypto-Blocker Ransomware's authors have a hostage to motivate their demands for ransom money.

The Trojan uses a standard Windows message box for displaying its ransom-collecting demands, although current releases don't provide much information on how to pay. Other than demanding 10 Euros or USD for their 'hacker company' within five hours, the most notable element of this pop-up is its warning that ignoring the prompt for five hours will result in your PC suffering from severe system damage that could make it unable to boot.

Beating a Trojan's Five Hour Deadline

Fortunately, malware experts find no evidence to confirm that last capability in the Crypto-Blocker Ransomware's current payloads. Although this Trojan can lock your files with encryption, it shouldn't damage the OS or any components essential to your PC's basic operations. Victims can remove the Crypto-Blocker Ransomware's pop-up by entering the code '01001' into the bottom field. Any other data recovery you require, such as decryption, is viable with the free Stupid Decryptor. Be sure to identify the Crypto-Blocker Ransomware accurately before using the latter; using the wrong decryption utility can cause additional damage instead of unlocking your media.

Since its ransom demands aren't fully fleshed out, malware experts rate the Crypto-Blocker Ransomware as not yet having left the development portion of its campaign. Future variants may install themselves through means such as e-mail attachments or drive-by-download attacks, to name two particularly modern examples. Almost all such attacks are preventable for PC users with an alert anti-malware program that can remove the Crypto-Blocker Ransomware automatically.

The bluster of a Trojan's messages frequently contrasts with the attacks it can launch. The Crypto-Blocker Ransomware and other file-encrypting threats exemplify why threat actors are happy to lace their real attacks with other, merely imaginary ones.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 544.25 KB (544256 bytes)
MD5: afce432f39419ac75edf95ca955d5937
Detection count: 71
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 11, 2017
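
A read-only triage sketch for the identification step described above, added here as an example (it is not code from this page's author or from any decryptor project): it lists files carrying the '.corrupted' extension and flags executables whose size and MD5 match the file details listed on this page. The function and variable names are this example's own.

```python
import hashlib
import os
import sys

# Indicators as listed on this page.
LOCKED_SUFFIX = ".corrupted"
DROPPER_MD5 = "afce432f39419ac75edf95ca955d5937"
DROPPER_SIZE = 544256  # bytes


def md5_of(path, chunk=65536):
    """Stream a file through MD5 (used only to match the page's indicator)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, md5=DROPPER_MD5, size=DROPPER_SIZE):
    """Return (locked, droppers): renamed files and executables matching the hash.

    locked maps each '<name>.corrupted' path to the original name it implies.
    Read-only: nothing under root is modified, renamed or deleted.
    """
    locked, droppers = {}, []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            try:
                if lower.endswith(LOCKED_SUFFIX) and len(name) > len(LOCKED_SUFFIX):
                    locked[path] = name[: -len(LOCKED_SUFFIX)]
                # Size check first so only plausible candidates get hashed.
                elif lower.endswith(".exe") and os.path.getsize(path) == size:
                    if md5_of(path) == md5.lower():
                        droppers.append(path)
            except OSError:
                continue  # unreadable or vanished file: skip, keep scanning
    return locked, droppers


if __name__ == "__main__":
    found, hits = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, original in sorted(found.items()):
        print(f"locked: {path} (was {original})")
    for path in hits:
        print(f"hash match: {path}")
    print(f"{len(found)} locked file(s), {len(hits)} executable(s) matching the MD5")
```

An MD5 match identifies only this exact file; a rebuilt variant will not match, so an empty result is not proof of a clean system.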