Blocking Ransomware

The Blocking Ransomware is a ransomware Trojan that has a behavior typical of these infections. Like most ransomware Trojans, the Blocking Ransomware is designed to take the victim's files hostage. To do this, the Blocking Ransomware will use a strong encryption algorithm to make the victim's files inaccessible, then demanding a ransom payment from the victim. Malware analysts have observed a marked rise in ransomware attacks in the last couple of years, spurred by the easy availability of open source ransomware engines, RaaS (Ransomware as a Service) providers, and a worldwide increase of computer users around the globe. Take preventive measures to ensure that your data is safe from ransomware Trojans like the Blocking Ransomware.

The Additional Threats Presented on the Blocking Ransomware Ransom Note

The Blocking Ransomware is based on BTCWare, a ransomware family that has been active since at least April of 2017. The Blocking Ransomware was first observed in the first week of August 2017, and seems to have the same basic source code as other BTCWare variants that are active currently. Most of these variants will use a typical version of this ransomware attack, encrypting the victim's files using a resilient encryption algorithm and then marking the files encrypted in the attack by changing their extensions. BTCWare variants like the Blocking Ransomware tend to use the contact email address for the con artists as a file extension, which is appended to the end of each affected file during the renaming process. After the victim's files are encrypted, the Blocking Ransomware will deliver the following ransom note to the victim in the form of a file dropped on the victim's computer:

'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail avalona.toga@aol.com in body of your message write your ID
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
[FREE DECRYPTION AS GUARANTEE]
Before paying you can send to us up to 3 files for free decryption.
Please note that files must NOT contain valuable information
and their total size must be less than 1Mb
[HOW TO OBTAIN BITCOINS]
The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller
by payment method and price
https://localbitcoins.com/buy_bitcoins
[ATTENTION]
Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
If you not write on e-mail in 36 hours - your key has been deleted and you cant decrypt your files
Your ID:
[172 RANDOM CHARACTERS]'

There is no truth to the Blocking Ransomware ransom note. The victim's files were not encrypted because of a 'security problem' but, rather, as a way of extorting the victim to extract a ransom payment.

How the Blocking Ransomware may Infect the Victims' Computers

The Blocking Ransomware infection is targeting small and medium sized businesses rather than individual computer users. Most the Blocking Ransomware attacks seem to be based in the nation of Kazakhstan currently, although there are already signs of the Blocking Ransomware spreading beyond this country's borders. The main way in which the Blocking Ransomware itself is being delivered is by taking advantage of weak Remote Desktop Connections. Con artists will scan the companies' computers and servers for poor password protection and other weaknesses. When a weakness is found, the con artists gain access to the targeted PC and install the Blocking Ransomware in the process. If your computer or corporate network has been infected with the Blocking Ransomware, malware analysts strongly advise against paying the ransom or giving in to the con artists' demands. The Blocking Ransomware can be removed with a reliable security program, and your files can be restored from backup copies.