BlockFile12 Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 67
First Seen: May 16, 2017
Last Seen: June 19, 2022
OS(es) Affected: Windows

The BlockFile12 Ransomware is a ransomware Trojan that was first observed in May 2017. It is most commonly distributed through corrupted text files that use macro scripts to download and install the BlockFile12 Ransomware on the victim's computer. These files are delivered to victims in spam email messages. The BlockFile12 Ransomware carries out a typical encryption ransomware attack: it encrypts the victim's files to make them inaccessible and then demands a ransom payment from the victim in exchange for restoring access.

How the BlockFile12 Ransomware Infection Works

When the BlockFile12 Ransomware is installed on the victim's computer, it will first scan all local drives (including network storage and external devices connected to the infected computer). The BlockFile12 Ransomware will search for files with certain file extensions, which may include the following:

.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.

The BlockFile12 Ransomware will use a strong encryption method to make all the files it finds inaccessible. The encrypted files are identified by a new file extension, '.block_file12', added to the end of each file's name, which makes it easy to tell which files have been compromised in the attack. The BlockFile12 Ransomware may also use the long suffix '.===contact_mail===itankan12@gmail.com===.block_file12' to identify files compromised in the infection.

How Con Artists Use the BlockFile12 Ransomware to Generate Illicit Profit

After encrypting the victim's files, the BlockFile12 Ransomware will drop a ransom note on the victim's computer. The ransom note takes the form of a text file named 'HOW TO DECRYPT FILES.txt' and is placed on the infected computer's desktop. The file informs the victim of the attack and claims that it is necessary to email itankan12@gmail.com (or in some cases a different account) to receive the decryption key required to recover the affected files. When victims write to this address, they will be asked to pay a large ransom, generally in Bitcoin. PC security experts strongly advise computer users to refrain from paying the BlockFile12 Ransomware ransom or contacting these people. Paying these ransoms rarely results in the return of the affected data and only helps finance new ransomware Trojans and additional hoaxes.

Dealing with the BlockFile12 Ransomware Infection

Unfortunately, the files encrypted by the BlockFile12 Ransomware are not recoverable without the decryption key. Because of this, the best way to deal with the BlockFile12 Ransomware is to have backup copies of all files and use them to restore the affected data. Having backup copies of all files on an external memory device or the cloud nullifies the BlockFile12 Ransomware tactic, since victims can simply restore their files from a backup copy. The BlockFile12 Ransomware infection itself is relatively simple to remove with a reliable security application that is fully up-to-date. A reliable security program can also help intercept the BlockFile12 Ransomware before it carries out its attack. Since the most common way of distributing the BlockFile12 Ransomware is through corrupted spam email attachments, learning to handle spam emails safely is an essential part of avoiding these infections and cutting down the number of successful ransomware attacks every year.
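
The indicators described above (the '.block_file12' extension, the long contact-mail suffix, and the 'HOW TO DECRYPT FILES.txt' note) can be used to inventory which files need restoring from backup. The Python script below is an added example, not part of the original article; its function names, the constructed sample file names, and the assumption that a different contact account keeps the same suffix layout are illustrative.

```python
import os
import re
import tempfile

# Indicators quoted in the article.
SHORT_EXT = ".block_file12"
NOTE_NAME = "HOW TO DECRYPT FILES.txt"
# Long form: <original name>.===contact_mail===<address>===.block_file12
# Assumption: a different contact account keeps this same layout.
LONG_SUFFIX = re.compile(r"\.===contact_mail===(?P<mail>[^=]+)===\.block_file12$", re.I)

def classify(name):
    """Return (kind, original_name, contact) for a file name, or None if clean."""
    if name.lower() == NOTE_NAME.lower():
        return ("note", None, None)
    m = LONG_SUFFIX.search(name)
    if m:  # check the long suffix first; it also ends in SHORT_EXT
        return ("encrypted", name[:m.start()], m.group("mail"))
    if name.lower().endswith(SHORT_EXT):
        return ("encrypted", name[:-len(SHORT_EXT)], None)
    return None

def scan(root):
    """Walk root; list (encrypted path, original path to restore), notes, contacts."""
    report = {"restore": [], "notes": [], "contacts": set()}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            kind, original, contact = classify(name) or (None, None, None)
            path = os.path.join(folder, name)
            if kind == "note":
                report["notes"].append(path)
            elif kind == "encrypted":
                # The original path is the name to look up in the backup set.
                report["restore"].append((path, os.path.join(folder, original)))
                if contact:
                    report["contacts"].add(contact)
    return report

def demo():
    """Scan a constructed sample tree of empty files (not real samples)."""
    names = ["budget.xlsx.block_file12", "untouched.pdf", NOTE_NAME,
             "photo.jpg.===contact_mail===itankan12@gmail.com===.block_file12"]
    with tempfile.TemporaryDirectory() as root:
        for n in names:
            open(os.path.join(root, n), "w").close()
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

Calling `scan()` on a mounted copy of the affected drive returns the renamed files paired with their original names, which is the list to check against the backup set.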