'.blackblock File Extension' Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 5 |
| First Seen: | November 11, 2016 |
| Last Seen: | June 22, 2020 |
| OS(es) Affected: | Windows |
PC security analysts have received reports of attacks involving numerous new variants from the Globe Ransomware family. The '.blackblock File Extension' Ransomware is one of these many variants, which carry out a typical encryption ransomware attack on their victim's computers. The '.blackblock File Extension' Ransomware is being distributed through corrupted email attachments contained in spam email messages. These corrupted emails may be designed to appear as if a legitimate company, often a social media platform like Facebook or Instagram, has sent them. The email will be designed to trick computer users into downloading and opening the corrupted attached file. The compromised email attachments being used to distribute the '.blackblock File Extension' Ransomware tend to exploit vulnerabilities in macro functionalities in applications such as Microsoft Office or many PDF readers currently. Taking precautions when handling email is a good way to prevent the '.blackblock File Extension' Ransomware and other ransomware attacks.
How the '.blackblock File Extension' Ransomware may Attack a Computer
The '.blackblock File Extension' Ransomware uses an AES-256 encryption algorithm to encrypt the victim's files. The '.blackblock File Extension' Ransomware will scan all local drives for certain file types. Whenever the '.blackblock File Extension' Ransomware finds these files, the '.blackblock File Extension' Ransomware will use its strong encryption method to encrypt them, making them inaccessible. Essentially, the '.blackblock File Extension' Ransomware takes its victims files hostage, an approach that is typical of these attacks. Unfortunately, the files that have been encrypted by the '.blackblock File Extension' Ransomware are no longer recoverable without access to the private decryption key, which the people responsible for the '.blackblock File Extension' Ransomware will hold until a ransom is paid.
The Ransom Notes by the '.blackblock File Extension' Ransomware Appear as Pop-Ups
The '.blackblock File Extension' Ransomware targets media files, photos, databases, spreadsheets, PDF files, Microsoft Office documents, and a variety of other file types that could have potential value to the victims of the attack. As its name indicates, the '.blackblock File Extension' Ransomware will identify files that have been encrypted by adding the extension '.blackblock' to the files names. The '.blackblock File Extension' Ransomware delivers a ransom note in an HTA file, a method that has been observed to gain prominence in ransomware attacks since Summer of 2016. The file containing the '.blackblock File Extension' Ransomware's ransom note is named 'How to Restore Data.hta.' and it causes a pop-up message to appear, which contains instructions on how to carry out payment to the people responsible for the '.blackblock File Extension' Ransomware.
'YOUR FILES HAVE BEEN ENCRYPTED!
Your personal ID
[random characters]
Your file have been encrypted with a powerful strain of a virus called ransomware.
Your files are encrypted using the same methods banks and the military use. There is currently no possible way to decrypt files with the private key.
Lucky for you, we can help. We are willing to sell you a decryptor UNIQUELY made for your computer (meaning someone else's decryptor will not work for you). Once you pay a small fee, we will instantly send you the software/info necessary to decrypt all your files, quickly and easily.'
It is not A Good Idea Pay the '.blackblock File Extension' Ransomware's Ransom
PC security analysts recommend that computer users recover fro11-11-2016 - Nida'm a '.blackblock File Extension' Ransomware attack by restoring their files from a backup. It is not recommended that computer users pay the '.blackblock File Extension' Ransomware ransom, since this allows con artists to continue developing variants in this threat family. Instead, computer users should ensure that backups are properly in place. Computer users that have not taken the appropriate precautions and have no backups will be tempted to pay the '.blackblock File Extension' Ransomware ransom. Malware analysts strongly advise against this. Research has demonstrated that the people responsible for these ransomware attacks are just as likely to ignore their victims or simply ask for more money from the victims of the '.blackblock File Extension' Ransomware attack.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.