RT4BLOCK Ransomware Description
The RT4BLOCK Ransomware is a file-locking Trojan from the RotorCrypt Ransomware family. Threats of this group block digital media with encryption, extort money from their victims afterward, and often target vulnerable Web servers. Users can maintain standardized security practices for keeping their data safe and use anti-malware products for any last-resort removal of the RT4BLOCK Ransomware from an infected computer.
Another Chip Off the Trojan Block
The RotorCrypt Ransomware is less often seen in 2019 than more-prolific, competing families of file-locker Trojans, such as the partially-Russian Scarab Ransomware or the Asia-oriented STOP Ransomware families. However, it's not extinct, as malware researchers continue finding occasional attacks that connect back to variants of the Trojan. A new version, the RT4BLOCK Ransomware, is pretending that it's part of Windows while it's blocking its victims' work, one file at a time.
The RT4BLOCK Ransomware's executable uses the name of 'winlogon.exe,' a crucial Windows component, to misrepresent its identity and provide a plausible reason for running as a background process. While doing so, it encrypts the user's text documents, pictures, spreadsheets, archives, databases, and other digital media formats. It also takes precautions against various security and recovery features, such as disabling boot-up error messages and erasing the Restore Points.
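A detection check for the 'winlogon.exe' masquerade described above, as an added example that is not part of the original article: it flags any process-creation record named winlogon.exe that does not run from System32 or was not started by smss.exe, the session manager that normally launches it. The field names `image` and `parent_image`, the default system root `C:\Windows`, and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: default system root; pass another value if Windows lives elsewhere.
DEFAULT_SYSTEM_ROOT = r"C:\Windows"
EXPECTED_PARENT = "smss.exe"  # the session manager normally starts winlogon.exe


def _norm(path):
    """Lower-case, unify separators and collapse '..' so comparisons are stable."""
    if path.startswith("\\\\?\\"):  # strip the extended-length prefix
        path = path[4:]
    return ntpath.normcase(ntpath.normpath(path))


def check_winlogon(event, system_root=DEFAULT_SYSTEM_ROOT):
    """Return the reasons an event looks like a fake winlogon.exe ([] = not flagged)."""
    # 'image' and 'parent_image' are hypothetical field names for this example.
    image = _norm(event["image"])
    if ntpath.basename(image) != "winlogon.exe":
        return []
    reasons = []
    expected = _norm(ntpath.join(system_root, "System32", "winlogon.exe"))
    if image != expected:
        reasons.append("unexpected path: " + event["image"])
    parent_raw = event.get("parent_image") or ""
    parent = ntpath.basename(_norm(parent_raw)) if parent_raw else ""
    if parent != EXPECTED_PARENT:
        reasons.append("unexpected parent: " + (parent or "<missing>"))
    return reasons


def scan(events, system_root=DEFAULT_SYSTEM_ROOT):
    """Return (image, reasons) for every flagged event."""
    checked = ((e["image"], check_winlogon(e, system_root)) for e in events)
    return [(image, reasons) for image, reasons in checked if reasons]


# Constructed sample events, not taken from a real infection.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\winlogon.exe", "parent_image": r"C:\Windows\System32\smss.exe"},
    {"image": r"C:\Users\Public\winlogon.exe", "parent_image": r"C:\Windows\explorer.exe"},
    {"image": r"c:/windows/SYSTEM32/WinLogon.exe", "parent_image": r"C:\Windows\System32\smss.exe"},
    {"image": r"C:\Windows\System32\..\Temp\winlogon.exe", "parent_image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for image, reasons in scan(SAMPLE_EVENTS):
        print(image, "->", "; ".join(reasons))
```

The path comparison is case-insensitive and resolves `..` segments, so a copy staged under a path that merely passes through System32 is still flagged.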
None of these features are especially unique to the RT4BLOCK Ransomware, and malware experts estimate its payload as being mostly-identical to close relatives like the 'email@example.com' Ransomware, the '!firstname.lastname@example.org__.bak File Extension' Ransomware, the 'email@example.com' Ransomware, and the 'firstname.lastname@example.org' Ransomware. Differences with the RT4BLOCK Ransomware mostly are superficial – including the unwieldy extension of '!-information-...email@example.com___....RT4BLOCK' and a new 'NEWS_INGiBiToR.txt' ransom note.
Getting Your Files Back to G-Rated
While torrents, e-mail attachments, and drive-by-downloads through corrupted advertisements are possible infection vectors for any file-locking Trojan, malware experts associate the RotorCrypt Ransomware family with other methods. Threat actors using the RT4BLOCK Ransomware and its relatives are likely searching for servers with open Remote Desktop access, outdated software that harbors remote code-executing vulnerabilities, or poorly-chosen login credentials. Restricting RDP usage, updating software when possible, and avoiding high-risk passwords will help cut down on attacks.
Free decryption tools for the RT4BLOCK Ransomware's family exist but are, by nature, imperfect and not certain to unlock content from recent variants. Users with work worth paying for should consider backing it up to at least one resource that would be safe in the event of a local network or Internet-accessible machine's infection. Anti-malware tools should always remove the RT4BLOCK Ransomware but don't function as unlockers.
The RT4BLOCK Ransomware doesn't give out a specific price for its unlocking aid, which leaves the cost up to the criminal admin's negotiating skills entirely. One would hope that most victims would not give in since every dollar that the RT4BLOCK Ransomware earns is a new reason for the next version of the RotorCrypt Ransomware family.