Cockblocker Ransomware

The Cockblocker Ransomware is a ransomware Trojan that was first detected by PC security analysts on Thanksgiving 2016. PC security analysts suspect that the Cockblocker Ransomware is still under development. The Cockblocker Ransomware's ransom note insults its victims by using derogatory language in the attack. The files that are encrypted during the Cockblocker Ransomware attack are identified by the extension '.hannah.' Like most ransomware Trojans being distributed currently, the Cockblocker Ransomware carries outs its attack by taking its victims' files hostage and then demanding the payment of a ransom. The Cockblocker Ransomware displays its ransom note in the form of an application window, probably using an HTA application do display the ransom message. The Cockblocker Ransomware's current ransom demand is of 1 BitCoin, approximately $700 USD at the exchange rate at the time of writing.

The Misleading Delivery Methods Used by the Cockblocker Ransomware

The most common way in which threats like the Cockblocker Ransomware are distributed is through the use of corrupted email attachments. There are several ways in which this can be done. The most common method used currently is a social engineering tactic to convince computer users to open file attachments in an unsolicited email message. For example, the victim could receive an email message that claims to have been sent by a social media platform like Facebook or Instagram, or by a shipping company such as FedEx or DHL. These messages will try to convince the computer user to open the attached file by claiming that it is something else. In more sophisticated attacks, con artists may get information about the victim's company and disguise the email as a message from that person's superior. The attached file will use some deceptive method to install the Cockblocker Ransomware or other threats. For example, it may be a DOCX file that exploits vulnerabilities in macros to install threats on the victim's computer.

Disclosing Some Details About the Cockblocker Ransomware Attack

Once the Cockblocker Ransomware has been installed, it scans the victim's computer in search for certain file types. The Cockblocker Ransomware will search for these files on all local drives, including removable memory devices and shared drives and folders. Whenever the Cockblocker Ransomware finds the files that match a list of file extensions in its configuration settings, it will use an advanced encryption algorithm to encrypt their contents. Files that have been encrypted by the Cockblocker Ransomware will no longer be accessible or readable by applications on the victim's computer. The Cockblocker Ransomware will then drop its ransom note, in the form of an HTA application dropped on the victim's Desktop. Of course, since the Cockblocker Ransomware is still under development, many of the details of the attack are likely to change. It is also equally likely that the Cockblocker Ransomware development will stop since it has been compromised by the fact that PC security researchers are now studying its attack.

Dealing with the Effects of a Cockblocker Ransomware Infection

It may be difficult to recover from a ransomware attack like the Cockblocker Ransomware if there are no backups of the encrypted files. On the other hand, recovery is quite easy if computer users have backups. This is why it is so important for computer users to make sure that they have backups of all files and these backups are regularly updated. If computer users can recover their files from a backup, then attacks like the Cockblocker Ransomware will become completely ineffective. The people that distribute threats like the Cockblocker Ransomware, especially judging from the tone of the ransom note and even the threat's name, will have no interest in keeping their promise to provide the decryption key in return for the payment. It is equally likely that the people responsible for the Cockblocker Ransomware will ignore the victim, ask for more money, or provide a fake decryption key. Ensure that the Cockblocker Ransomware is completely removed before restoring files from backups when recovering from a the Cockblocker Ransomware attack.

SpyHunter Detects & Remove Cockblocker Ransomware