BLOCK Ransomware
The BLOCK Ransomware is another threat belonging to the Xorist malware family. The behavior of the threat doesn't display any significant deviations from other Xorist variants. However, the cybercriminals responsible for unleashing the BLOCK Ransomware appear to be targeting Russian-speaking users predominantly. The file containing the ransom note of the threat is named 'КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt' and the instructions from the hackers are entirely in Russian without any translation into other languages.
The BLOCK Ransomware is capable of encryption a large number of file types ensuring that most of the victim's data stored on the compromised system will be rendered unusable. As part of the process, the threat also will append the name of each locked file with the '.BLOCK' extension. It should be noted that this is not the first threat to use the word block as a way to mark encrypted files. There is a previously detected malware named Block Ransomware that, curiously, also targets Russian-speaking users. However, the two malware threats deliver different ransom notes to their victims and use different emails for contact.
Demands Overview
Translating the ransom note reveals that the cybercriminals behind the BLOCK Ransomware want to be paid exactly $125. The message doesn't state how victims are supposed to transfer the money, so users will need to contact the hackers for additional information. A single email address has been mentioned as a communication channel - 'dec@ro.ru.' Victims are supposed to mention a specific number in their message, which most likely acts as the victim's ID. The number is found inside the ransom note.
The text of the note in its original Russian is:
'Внимание!
Все Ваши файлы зашифрованы криптостойким алгоритмом!
Чтобы восстановить свои файлы напишите нам письмо на
dec@ro.ru, в письме укажите номер 0042.
Расшифровка обойдется Вам в 125 USD.Переустановка Windows - не решит проблему, файлы останутся зашифрованы!
Чужие декодеры - могут безвозвратно испортить Ваши файлы, будьте осторожны!
Антивирус - лечит и удаляет вирусы, файлы он не восстановит.'
BLOCK Ransomware Video
Tip: Turn your sound ON and watch the video in Full Screen mode.
