TBlocker Ransomware
Posted: February 13, 2018
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 20 |
| First Seen: | March 29, 2024 |
| OS(es) Affected: | Windows |
The TBlocker Ransomware is a file-locking Trojan that blocks your media and screen until you pay its ransom, although paying does not trigger any automatic unlocking procedure. Due to the data loss associated with this threat, users should keep backups or get assistance from professionals in the anti-malware community for undoing the damage of an infection. Some anti-malware products may also delete the TBlocker Ransomware before any harm comes to your files.
A Blocker that's Simpler than It Seems
Although the ability to take digital content hostage is enough on its own to bully some PC users into cooperating with ransom demands, other Trojan campaigns include extra motivational factors. The TBlocker Ransomware is a new sample of a file-locking threat from a family that has not yet been identified, and its ransoming instructions show the danger of taking these bluffs too seriously. Like other Trojans of its kind, the TBlocker Ransomware limits most of its symptoms until it's ready to show its pop-up and associated warnings.
The TBlocker Ransomware does encrypt files to lock them, similarly to families like the Globe Ransomware EDA2, or the notorious Jigsaw Ransomware. However, it uses a simple method: the DES algorithm with the static key 'password'. The '_' symbol it appends to the ends of the file names makes it relatively easy for victims to see what content (such as Adobe documents or GIFs) is held hostage.
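For triage, the '_' marker described above can be used to inventory affected files and to separate files whose contents were actually altered from files that were only renamed. The following Python script is an added example, not code from the original article or from any vendor tool; it assumes the marker is appended after the original extension (for example `report.pdf_`), and the PNG/JPEG signatures, function names and sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

MARKER = "_"  # suffix the article says is appended to locked file names
# File signatures for the content types the article names (PDF, GIF);
# PNG and JPEG are added here as assumptions about other likely content.
MAGIC = {
    ".pdf": (b"%PDF",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
}

def find_locked_candidates(root):
    """List files named <name>.<ext>_ and whether the header still matches <ext>."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            original = name[:-len(MARKER)]
            ext = Path(original).suffix.lower()
            if not name.endswith(MARKER) or ext not in MAGIC:
                continue
            path = Path(dirpath) / name
            try:
                with open(path, "rb") as fh:
                    head = fh.read(8)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            # A missing signature is consistent with encrypted content;
            # an intact one means the file was renamed but not altered.
            status = "header_intact" if head.startswith(MAGIC[ext]) else "header_missing"
            hits.append({"path": str(path), "original_name": original, "status": status})
    return sorted(hits, key=lambda h: h["path"])

def demo():
    """Scan a constructed sample tree built in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp) / "docs"
        docs.mkdir()
        (docs / "report.pdf_").write_bytes(bytes(range(128, 192)))      # constructed: scrambled body
        (docs / "banner.gif_").write_bytes(b"GIF89a" + b"\x00" * 32)    # constructed: renamed only
        (docs / "holiday.gif").write_bytes(b"GIF89a" + b"\x00" * 32)    # untouched file
        (Path(tmp) / "cache_").write_bytes(b"not user content")         # '_' suffix, unknown type
        return [(h["original_name"], h["status"]) for h in find_locked_candidates(tmp)]

if __name__ == "__main__":
    print(demo())
```

Files reported as `header_missing` are the ones to preserve untouched for recovery from backup or for analysis; run the sweep read-only against a copy or image of the affected volume where possible.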
The ransom message uses an interactive HTA window, which the TBlocker Ransomware loads after it completes the previous attack. Although the TBlocker Ransomware asks for a traditional Bitcoin ransom for recovering your files, malware analysts also emphasize several inaccurate elements in its warning text:
- The TBlocker Ransomware claims falsely that it will upload the user's data to the Internet publicly.
- The TBlocker Ransomware asserts that its pop-up is capable of locking the screen permanently.
- The TBlocker Ransomware offers to provide a decryption key that, supposedly, only the threat actors possess, in return for the Bitcoin payment. However, this password is a non-variable string in the Trojan's executable and is readily available to anyone who inspects its code.
Blocking a Trojan from Getting Money that It Doesn't Deserve
Although its earliest detection rates were low, more brands of PC security software are beginning to detect the TBlocker Ransomware as a threat over time. Malware analysts recommend against paying the ransom that this Trojan demands, especially since the decryption should be non-problematic for a PC security researcher with any significant cryptography experience. However, they also warn that updates might increase the security of the TBlocker Ransomware's attack and highlight that non-compromised backups are the preferred strategy for recovering from a file-locking Trojan.
Like its encryption key, the code for removing the TBlocker Ransomware's window is also a fixed string ('580933'). Closing its ransom window with the correct password gives the user access to the Windows UI and can facilitate other security protocols. However, it doesn't provide any form of access to the decryptor. While malware experts can't determine which infection exploits this campaign uses, different anti-malware programs may remove the TBlocker Ransomware safely and halt its encryption attempts before they cause any long-term file damage.
The TBlocker Ransomware is a very apparent effort by the con artists to bluff their way into the wallets of their victims. The word of a Trojan's author should be treated with extreme skepticism and is never in the user's best interest.