BlockFile12 Ransomware Description
The BlockFile12 Ransomware is a ransomware Trojan that was first observed in May 2017. The most common way that the BlockFile12 Ransomware is being distributed is through the use of corrupted text files that use macro scripts to download and install the BlockFile12 Ransomware on the victim's computer. These files are being delivered to the victims through the use of spam email messages. The BlockFile12 Ransomware carries out a typical encryption ransomware attack, encrypting the victim's files to make them inaccessible and then demanding the payment of a ransom from the victim. The BlockFile12 Ransomware takes the victim's files hostage in exchange for ransom.
How the BlockFile12 Ransomware Infection Works
When the BlockFile12 Ransomware is installed on the victim's computer, it will first scan all local drives (including network storage and external devices connected to the infected computer). The BlockFile12 Ransomware will search for files with certain file extensions, which may include the following:
.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, ,DOC, .EPUB, .DOCX .FB2, .FLV, .GIF, .GZ, .ISO .IBOOKS,.JPEG, .JPG, .KEY, .MDB .MD2, .MDF, .MHT, .MOBI .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.
The BlockFile12 Ransomware will use a strong encryption method to make inaccessible all the files it finds. The files encrypted by the BlockFile12 Ransomware will be identified with a new file extension added to the end of each file's name. This file extension '.block_file12' is what facilitates to know which files have been compromised in the attack. The BlockFile12 Ransomware also may use the long suffix '.===email@example.com===.block_file12' to identify files compromised in the infection.
How Con Artists Use the BlockFile12 Ransomware to Generate Illicit Profit
After encrypting the victim's files, the BlockFile12 Ransomware will drop a ransom note on the victim's computer. The BlockFile12 Ransomware's ransom note takes the form of a text file named 'HOW TO DECRYPT FILES.txt' and is placed on the infected computer's desktop. The file informs the victim of the attack and claims that it is necessary to email firstname.lastname@example.org (or in some cases a different account) to receive the decryption key required to recover the affected files. When the victims write to this email, they will be asked to pay a large ransom, generally through BitCoins. PC security experts strongly advise computer users to refrain from paying the BlockFile12 Ransomware ransom or contacting these people. Paying these ransoms rarely results in the return of the affected data and only helps finance new ransomware Trojans and additional hoaxes.
Dealing with the BlockFile12 Ransomware Infection
Unfortunately, the files encrypted by the BlockFile12 Ransomware are not recoverable without the decryption key. Because of this, the best way to deal with the BlockFile12 Ransomware is to have backup copies of all files and use them to restore the affected data. Having backup copies of all files on an external memory device or the cloud nullifies the BlockFile12 Ransomware tactic since victims can simply restore their files from a backup copy. The BlockFile12 Ransomware infection itself is relatively simple to remove by using the help of a reliable security application that is fully up-to-date. A reliable security program also can help intercept the BlockFile12 Ransomware before it carries out its attack. Since the most common way of distributing the BlockFile12 Ransomware is through corrupted spam email attachments, learning to handle spam emails safely is an essential part of avoiding these infections and cutting down the number of attacks effective by ransomware every year.
Infected with BlockFile12 Ransomware? Scan Your PC for FreeDownload SpyHunter's Spyware Scanner
to Detect BlockFile12 Ransomware * SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.
Security Doesn't Let You Download SpyHunter or Access the Internet?
Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.