RT4BLOCK Ransomware

Posted: July 22, 2019

RT4BLOCK Ransomware Description

The RT4BLOCK Ransomware is a file-locking Trojan from the RotorCrypt Ransomware family. Threats of this group block digital media with encryption, extort money from their victims afterward, and often target vulnerable Web servers. Users can maintain standardized security practices to keep their data safe and use anti-malware products for any last-resort removal of the RT4BLOCK Ransomware from an infected computer.

Another Chip Off the Trojan Block

The RotorCrypt Ransomware is less often seen in 2019 than more-prolific, competing families of file-locker Trojans, such as the partially-Russian Scarab Ransomware or the Asia-oriented STOP Ransomware families. However, it's not extinct, as malware researchers continue finding occasional attacks that connect back to variants of the Trojan. A new version, the RT4BLOCK Ransomware, is pretending that it's part of Windows while it's blocking its victims' work, one file at a time.

The RT4BLOCK Ransomware's executable uses the name 'winlogon.exe,' a crucial Windows component, to misrepresent its identity and give a plausible reason for its running as a background process. While doing so, it encrypts the user's text documents, pictures, spreadsheets, archives, databases, and other digital media formats. It also takes precautions against various security and recovery features, such as disabling boot-up error messages and erasing the Restore Points.

None of these features are unique to the RT4BLOCK Ransomware, and malware experts estimate its payload as being mostly identical to close relatives like the 'help2decode@mail.com' Ransomware, the '!__prontos@cumallover.me__.bak File Extension' Ransomware, the 'prusa@rape.lol' Ransomware, and the 'ymayka-email@yahoo.com' Ransomware. Differences in the RT4BLOCK Ransomware are mostly superficial, including the unwieldy extension of '!-information-...___ingibitor366@cumallover.me___....RT4BLOCK' and a new 'NEWS_INGiBiToR.txt' ransom note.
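A defender-side triage check built from the indicators named above (the 'winlogon.exe' process name, the '.RT4BLOCK' extension ending and the 'NEWS_INGiBiToR.txt' note), given here as an added example that is not part of the original article. The sample paths are constructed, and the genuine winlogon.exe is assumed to live only in C:\Windows\System32.

```python
import ntpath
from typing import Optional

# Indicators quoted in the article.
MASQUERADED_NAME = "winlogon.exe"
RANSOM_NOTE = "news_ingibitor.txt"
# Only the final suffix is matched; the article shows the middle of the extension elided.
LOCKED_SUFFIX = ".rt4block"
# Assumption: Windows is installed in C:\Windows, so the real binary sits in System32.
LEGIT_DIRS = {r"c:\windows\system32"}

# Constructed sample data (not taken from a real incident).
SAMPLE_PROCESSES = [
    r"C:\Windows\System32\winlogon.exe",
    r"C:\Users\Public\winlogon.exe",
    r"C:\Windows\System32\..\Temp\WINLOGON.EXE",
    r"C:\Windows\System32\svchost.exe",
]
SAMPLE_FILES = [
    r"D:\share\report.xlsx",
    r"D:\share\NEWS_INGiBiToR.txt",
    r"D:\share\budget.xlsx!-information-...___ingibitor366@cumallover.me___....RT4BLOCK",
]

def is_masquerading(image_path: str) -> bool:
    """True when a process is named winlogon.exe but runs outside System32."""
    # normpath collapses '..' segments so path tricks cannot fake the directory.
    path = ntpath.normpath(image_path).lower()
    directory, name = ntpath.split(path)
    return name == MASQUERADED_NAME and directory not in LEGIT_DIRS

def file_indicator(file_path: str) -> Optional[str]:
    """Classify a file name as 'ransom_note', 'locked_file' or None."""
    name = ntpath.basename(file_path).lower()
    if name == RANSOM_NOTE:
        return "ransom_note"
    if name.endswith(LOCKED_SUFFIX):
        return "locked_file"
    return None

def triage(process_paths, file_paths):
    """Group the inputs that match any of the article's indicators."""
    hits = {"masquerading_process": [], "ransom_note": [], "locked_file": []}
    hits["masquerading_process"] = [p for p in process_paths if is_masquerading(p)]
    for path in file_paths:
        kind = file_indicator(path)
        if kind:
            hits[kind].append(path)
    return hits
```

Feed `triage` the image paths from a process listing and the file names from a share or volume walk; any hit under `masquerading_process` deserves attention even when no locked files exist yet.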

Getting Your Files Back to G-Rated

While torrents, e-mail attachments, and drive-by-downloads through corrupted advertisements are possible infection vectors for any file-locking Trojan, malware experts associate the RotorCrypt Ransomware family with other methods. Threat actors using the RT4BLOCK Ransomware and its relatives are likely searching for servers with open Remote Desktop access, outdated software that harbors remote code-executing vulnerabilities, or poorly-chosen login credentials. Restricting RDP usage, updating software when possible, and avoiding high-risk passwords will help cut down on attacks.

Free decryption tools for the RT4BLOCK Ransomware's family exist but are, by nature, imperfect and not certain to unlock content from recent variants. Users with work worth paying for should consider backing it up to at least one resource that would remain safe if a local network or Internet-accessible machine is infected. Anti-malware tools should always remove the RT4BLOCK Ransomware but don't function as unlockers.

The RT4BLOCK Ransomware doesn't give out a specific price for its unlocking aid, which leaves the cost entirely up to the criminal admin's negotiating skills. One would hope that most victims would not give in, since every dollar that the RT4BLOCK Ransomware earns is a new reason for the next version of the RotorCrypt Ransomware family.

