The Cryptoblock ransomware is a dangerous new virus strain which uses a non-standard file renaming scheme to rename the compromised data. It encrypts target user files and extorts a ransomware sum payment from the users. This malware is particularly dangerous as it appends randomly generated strings to the user data.
About The Cryptoblock Ransomware
The Cryptoblock is a new virus which is still under investigation as it is of unknown origin. It uses typical behavior patterns by targeting specific file type extensions and encrypting them with a suffix string. The feature which makes it very dangerous to the infected computer is the fact that the malware uses a randomly generated string which is appended to the user data. This makes it very difficult to restore the affected files as the RSA-2048 encryption cipher is also applied.
When the encryption process is complete a ransomware note is generated by the virus. It extorts the payment of 0.3 Bitcoins from the victims by displaying the following message:
Your personal files are encrypted!
Your personal files encryption produced on this computer: photos, videos, documents, ecc. Encryption was produced using a unique public key RSA-2048 generated for this computer.
To decrypt files you need to obtain the private key.
The single copy of the private key, which will allow to decrypt the files, located on a secret server on the Internet; the server will destroy the key after a time specified in this window. After that, nobody and never will be able to restore files…
To obtain the private key for this computer, which will automatically decrypt files, you need to pay 0.3 bitcoin (~210 USD).
You can easily delete this software, but know that without it, you will never be able to get your original files back.
Disable your antivirus to prevent the removal of this software.
For more information on how to buy and send bitcoins, click “How to pay”
Do not delete this list, it will be used for decryption. And do not move your files.
Each time the timer expires, the total cost will raise.
After the purchase is made, wait 1-3 hour for our confirmation of the bitcoins.
After that click on “Decrypt Files” to Decrypt your files
Cryptoblock ransomware mainly targets the most commonly used user data file types which includes Microsoft Office documents, PDF Files, audio, video and photos, databases and etc.
How Does The Cryptoblock Ransomware Infect Computers
The main distribution methods of the Cryptoblock ransomware include false software bundles. The malware poses as legitimate software such as Adobe Flash player, Adobe Photoshop, Microsoft Office and other popular applications. Usually they the files are found on untrusted download sites and P2P networks like BitTorrent.
You can also get infected by clicking on malicious ads, via browser hijackers and Trojans and other popular infection methods.
How To Remove The CryptoBlock Ransomware and Recover Affected Files
To remove Cryptoblock infecions you need to use a trusted anti-spyware tool. There are other software which can also help you out in this situation to a limited extent such as:
- Data Recovery Tools
- Network Sniffers