
TBlocker Ransomware

Posted: February 13, 2018

The TBlocker Ransomware is a file-locking Trojan that blocks your media and screen until you pay its ransom, although paying does not trigger any automatic unlocking procedure. Because of the data loss associated with this threat, users should keep backups or get assistance from professionals in the anti-malware community to undo the damage of an infection. Some anti-malware products may also delete the TBlocker Ransomware before it can harm your files.

A Blocker that's Simpler than It Seems

Although the ability to take digital content hostage is enough on its own to bully some PC users into cooperating with ransom demands, other Trojan campaigns add extra motivational factors. The TBlocker Ransomware is a new sample of a file-locking threat whose family has not yet been identified, and its ransoming instructions show the danger of taking these bluffs too seriously. Like other Trojans of its kind, the TBlocker Ransomware limits most of its symptoms until it's ready to show its pop-up and associated warnings.

The TBlocker Ransomware does encrypt files to lock them, similarly to families like the Globe Ransomware, EDA2, or the notorious Jigsaw Ransomware. However, it uses a simple method: the DES algorithm with the static key 'password.' The '_' symbol it appends to the ends of the file names lets victims detect relatively easily what content (such as Adobe documents or GIFs) is held hostage.
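The '_' marker described above can drive a recovery inventory. The following is an added example, not code from the article or from any vendor tool: it lists files carrying the marker and checks whether their headers still match the original type. The signature table, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# File signatures for the two types the article names (assumed table; extend as needed).
MAGIC = {".pdf": b"%PDF", ".gif": b"GIF8"}

def classify(path):
    """Return None (no marker), 'locked', 'renamed-only' or 'unverified'."""
    name = os.path.basename(path)
    if not name.endswith("_"):
        return None
    # Strip the appended '_' to recover the original extension.
    ext = os.path.splitext(name[:-1])[1].lower()
    magic = MAGIC.get(ext)
    if magic is None:
        return "unverified"  # marker present, but no signature to compare against
    with open(path, "rb") as fh:
        head = fh.read(len(magic))
    # An intact header means the name changed but the content did not.
    return "renamed-only" if head == magic else "locked"

def inventory(root):
    """Walk root and map each '_'-suffixed file (relative path) to its verdict."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            try:
                verdict = classify(full)
            except OSError:
                verdict = "unreadable"
            if verdict:
                report[os.path.relpath(full, root)] = verdict
    return report

def demo():
    """Run the inventory over a constructed sample tree (not real victim data)."""
    samples = {
        "report.pdf": b"%PDF-1.4 untouched",              # no marker: ignored
        "invoice.pdf_": b"\x8f\x12\xa4\x07\x5c\xe1\x33",  # marker, PDF header gone
        "logo.gif_": b"GIF89a still readable",            # marker, header intact
        "notes.txt_": b"\x01\x02\x03",                    # marker, type not in MAGIC
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return inventory(root)
```

Files reported as 'locked' are the ones to restore from non-compromised backups; 'unverified' entries need a manual look, since a trailing '_' alone can occur in legitimate file names.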

The ransom message uses an interactive HTA window, which the TBlocker Ransomware loads after it completes the encryption attack. Although the TBlocker Ransomware asks for a traditional Bitcoin ransom for recovering your files, malware analysts also emphasize several inaccurate elements in its warning text:

  • The TBlocker Ransomware falsely claims that it will upload the user's data to the Internet publicly.
  • The TBlocker Ransomware asserts that its pop-up is capable of locking the screen permanently.
  • The TBlocker Ransomware offers to provide a decryption key that, supposedly, only the threat actors possess, in return for the Bitcoin payment. However, this password is a fixed string in the Trojan's executable and is readily available to anyone who examines its code.

Blocking a Trojan from Getting Money that It Doesn't Deserve

Although its earliest detection rates were low, more brands of PC security software are beginning to detect the TBlocker Ransomware as a threat over time. Malware analysts recommend against paying the ransom that this Trojan demands, especially since the decryption should be non-problematic for a PC security researcher with any significant cryptography experience. However, they also warn that updates might increase the security of the TBlocker Ransomware's attack and highlight that non-compromised backups are the preferred strategy for recovering from a file-locking Trojan.

Like its encryption key, the code for removing the TBlocker Ransomware's window is also a fixed string ('580933'). Closing its ransom window with the correct password gives the user access to the Windows UI and can facilitate other security protocols. However, it doesn't provide any form of access to the decryptor. While malware experts can't determine what infection exploits this campaign uses, different anti-malware programs may remove the TBlocker Ransomware safely and halt its encryption attempts before they cause any long-term file damage.

The TBlocker Ransomware is a very apparent effort by con artists to bluff their way into the wallets of their victims. The word of a Trojan's author should be treated with extreme skepticism and is never in the user's best interest.
