
RT4BLOCK Ransomware

Posted: July 22, 2019

The RT4BLOCK Ransomware is a file-locking Trojan from the RotorCrypt Ransomware's family. Threats of this group block digital media with encryption and then extort money from their victims, and they often target vulnerable Web servers. Users can maintain standardized security practices for keeping their data safe and use anti-malware products for any last-resort removal of the RT4BLOCK Ransomware from an infected computer.

Another Chip Off the Trojan Block

The RotorCrypt Ransomware is less often seen in 2019 than more-prolific, competing families of file-locker Trojans, such as the partially-Russian Scarab Ransomware or the Asia-oriented STOP Ransomware families. However, it's not extinct, as malware researchers continue finding occasional attacks that connect back to variants of the Trojan. A new version, the RT4BLOCK Ransomware, is pretending that it's part of Windows while it's blocking its victims' work, one file at a time.

The RT4BLOCK Ransomware's executable uses the name of 'winlogon.exe,' a crucial Windows component, to misrepresent its identity and lend plausibility to its running as a background process. While doing so, it encrypts the user's text documents, pictures, spreadsheets, archives, databases, and other digital media formats. It also takes precautions against various security and recovery features, such as disabling boot-up error messages and erasing the Restore Points.

None of these features are especially unique to the RT4BLOCK Ransomware, and malware experts estimate its payload as being mostly identical to close relatives like the 'help2decode@mail.com' Ransomware, the '!__prontos@cumallover.me__.bak File Extension' Ransomware, the 'prusa@rape.lol' Ransomware, and the 'ymayka-email@yahoo.com' Ransomware. The RT4BLOCK Ransomware's differences are mostly superficial, namely the unwieldy extension of '!-information-...___ingibitor366@cumallover.me___....RT4BLOCK' and a new 'NEWS_INGiBiToR.txt' ransom note.
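The two on-disk indicators above (a 'winlogon.exe' running from somewhere other than System32, and the '.RT4BLOCK' extension alongside the 'NEWS_INGiBiToR.txt' note) are simple enough to triage with a script. The following is an added example written for this page, not code from the article's author; the process list and file names it checks are constructed sample data, and the System32 path is assumed to be the only legitimate home of winlogon.exe.

```python
# Defender-side triage for the RT4BLOCK indicators described above
# (constructed example; sample data is made up, not from a real infection).
import ntpath
import re

# Legitimate winlogon.exe lives only here (assumption); compared case-insensitively.
LEGIT_WINLOGON_DIR = r"c:\windows\system32"
# Extension quoted in the article ends in '.RT4BLOCK'; the note is NEWS_INGiBiToR.txt.
EXT_RE = re.compile(r"\.RT4BLOCK$", re.IGNORECASE)
NOTE_NAME = "news_ingibitor.txt"


def suspicious_winlogon(processes):
    """Return image paths of winlogon.exe instances running outside System32.

    `processes` is an iterable of (name, image_path) tuples, as exported
    from tasklist or an EDR console.
    """
    hits = []
    for name, image_path in processes:
        if name.lower() != "winlogon.exe":
            continue
        directory = ntpath.dirname(image_path).lower().rstrip("\\")
        if directory != LEGIT_WINLOGON_DIR:
            hits.append(image_path)
    return hits


def rt4block_artifacts(paths):
    """Split file paths into (encrypted_files, ransom_notes) by file name."""
    encrypted, notes = [], []
    for p in paths:
        base = ntpath.basename(p)
        if EXT_RE.search(base):
            encrypted.append(p)
        elif base.lower() == NOTE_NAME:
            notes.append(p)
    return encrypted, notes


# Constructed sample data.
SAMPLE_PROCESSES = [
    ("winlogon.exe", r"C:\Windows\System32\winlogon.exe"),
    ("winlogon.exe", r"C:\Users\Public\winlogon.exe"),
    ("explorer.exe", r"C:\Windows\explorer.exe"),
]
SAMPLE_FILES = [
    r"D:\docs\budget.xlsx!-information-...___ingibitor366@cumallover.me___....RT4BLOCK",
    r"D:\docs\NEWS_INGiBiToR.txt",
    r"D:\docs\notes.txt",
]
```

Feeding a real process export and a recursive directory listing into these two functions gives a quick first pass before a full anti-malware scan.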

Getting Your Files Back to G-Rated

While torrents, e-mail attachments, and drive-by-downloads through corrupted advertisements are possible infection vectors for any file-locking Trojan, malware experts associate the RotorCrypt Ransomware family with other methods. Threat actors using the RT4BLOCK Ransomware and its relatives are likely to search for servers with open Remote Desktop access, outdated software that harbors remote code-executing vulnerabilities, or poorly-chosen login credentials. Restricting RDP usage, updating software when possible, and avoiding high-risk passwords will help cut down on attacks.

Free decryption tools for the RT4BLOCK Ransomware's family exist but are, by nature, imperfect and not guaranteed to unlock content from recent variants. Users with work worth paying for should consider backing it up to at least one resource that would be safe in the event of a local network or Internet-accessible machine's infection. Anti-malware tools always should remove the RT4BLOCK Ransomware but don't function as unlockers.

The RT4BLOCK Ransomware doesn't give out a specific price for its unlocking aid, which leaves the cost up to the criminal admin's negotiating skills entirely. One would hope that most victims would not give in since every dollar that the RT4BLOCK Ransomware earns is a new reason for the next version of the RotorCrypt Ransomware family.
