Crypto1CoinBlocker Ransomware Description
Type: Ransomware
The Crypto1CoinBlocker Ransomware is a ransomware Trojan that seems to be a variant of a ransomware Trojan known as the Xorist Ransomware. After encrypting its victims' files, the Crypto1CoinBlocker Ransomware uses the extension '.1AcTiv7HDn82LmJHaUfqx9KGG55P9jCMyy' to identify the affected files. This string is a BitCoin wallet address, used for payments involving this anonymous online currency. After encrypting the victim's files, the Crypto1CoinBlocker Ransomware also delivers its ransom note in the form of a pop-up window and a text file named 'HOW TO DECRYPT FILES.txt,' which is dropped on the victim's Desktop.
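The two indicators named above, the appended extension and the ransom note file name, are enough to scope which folders and file types were hit before restoring from backup. The following Python triage script is an added example, not part of the original write-up; it assumes the extension is appended to the original file name, and the Bitcoin-address pattern used to catch variants with a different wallet is this example's own heuristic.

```python
import os
import re
import sys
from collections import Counter

# Indicators taken from the description above.
KNOWN_EXT = ".1AcTiv7HDn82LmJHaUfqx9KGG55P9jCMyy"
NOTE_NAME = "HOW TO DECRYPT FILES.txt"
# Assumption of this example: a final extension shaped like a legacy
# Base58 Bitcoin address, to flag variants that use another wallet.
BTC_EXT = re.compile(r"\.[13][1-9A-HJ-NP-Za-km-z]{25,34}$")


def triage(root):
    """Walk root and return (encrypted, notes, by_type).

    encrypted: list of (path, matches_known_extension)
    notes:     paths of ransom note files
    by_type:   Counter of the original extensions of affected files
    """
    encrypted, notes, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME.lower():
                notes.append(path)
                continue
            known = name.endswith(KNOWN_EXT)
            if known or BTC_EXT.search(name):
                # Assumed layout: <original name>.<wallet address>
                original = name[: name.rfind(".")]
                ext = os.path.splitext(original)[1].lower() or "(none)"
                by_type[ext] += 1
                encrypted.append((path, known))
    return encrypted, notes, by_type


if __name__ == "__main__":
    enc, notes, by_type = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"ransom notes: {len(notes)}  affected files: {len(enc)}")
    for ext, count in by_type.most_common():
        print(f"  {ext}: {count}")
    for path, known in enc:
        print(("known    " if known else "heuristic"), path)
```

Run it read-only against a mounted copy of the affected volume; the per-type counts show which backup sets need to be restored.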
Some Details About the Crypto1CoinBlocker Ransomware Infection
The Crypto1CoinBlocker Ransomware ransom note alerts the victim that the files were encrypted and they cannot be restored without paying a large ransom. Unfortunately, this information is true; it may not be possible to recover files encrypted by the Crypto1CoinBlocker Ransomware without the decryption key. The Crypto1CoinBlocker Ransomware demands an outrageously large ransom of 5 BitCoins, which is about $4550 USD currently. The message threatens the victim with deleting the decryption key entirely if the ransom is not paid within a certain period. PC security researchers strongly advise computer users to avoid paying the Crypto1CoinBlocker Ransomware ransom, however. Instead, they should put in motion preventive measures to minimize the effects of these attacks, including the use of backups and having a reliable security program that is fully up-to-date to protect their computers.
The Work of Ransomware Trojans Like the Crypto1CoinBlocker Ransomware
There are countless variants of ransomware Trojans, all carrying out the same basic attack on their victims. The most common way in which these threats may be distributed is through corrupted email attachments, although other methods are not uncommon. Because of this, treating all email attachments with caution is a good way of protecting your computer from the Crypto1CoinBlocker Ransomware and other ransomware attacks. Other methods used to distribute threats like the Crypto1CoinBlocker Ransomware include placing fake files on file sharing networks and using corrupted advertisements or scripts to target the visitors of a particular compromised Web page.
The following is the text of the Crypto1CoinBlocker Ransomware's pop-up ransom note:
'Your personal files are encrypted!
Your important files encryption produced on this computer: photos, videos, document, etc. Here is a complete list of encrypted files, and you can personally verify this. Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key. The single copy of the private key, which will allow you to decrypt the files, located on a setter server on the Internet: the server will destroy the key after a time specified on this window. After that, nobody and never will be able to restore files… Payment required. Server accepts payment in Bitcoin (BTC) only. 1. Pay amount 1 BTC. to access 1AcTiv7HDn82LmJHaUfqx9KGG55P9jCMyy 2. Transaction will take about 15-20 minutes to confirm. Decryption will start automatically. Do not: power off computer, run antivirus program, disable Internet connection. Failures during key recovery and file decryption may lead to accidental damage of files. These instructions are also saved to file named DecryptAllFiles.txt in Documents folder. You can open it and use copy-paste for address and key.'
The Crypto1CoinBlocker Ransomware also delivers its ransom note in the form of a text file. The following is the text contained in the Crypto1CoinBlocker Ransomware's text file, which is dropped on the victim's Desktop:
'Your Documents, Photos, database And other important Files Encrypted the Crypto1CoinBlocker 2017 Variant, The only one way You can recover Your Files is BUY A decryption Key, Payment Method BTC Via Get Bitcoins in Minutes www.localbitcoins.com, coincafe.com, libertyx.com, coinatmradar.com, paxful.com, coinjar.com, coinify.com, xcoins.io, bitquick.co, expresscoin.com, p.s if you pay after 5 day? Ok price 5 bitcoin final, Contact ME after Pay>email@example.com, Sent 1 To Address 1AcTiv7HDn82LmJHaUfqx9KGG55P9jCMyy.'
The Crypto1CoinBlocker Ransomware will also display a bogus error message, to further goad computer users into paying the ransom amount. The full text of the bogus error message associated with the Crypto1CoinBlocker Ransomware is the following:
'Your Documents, Photos, databases And other important Files Encrypted the Crypto1CoinBlocker 2017 Variant, The only one way You Can recover Your Files is BUY a decryption Key, Payment Method BTC Via Get bitcoin in Minutes. If you pay after 5 say? Ok price 5 bitcoin final, Contact ME After Pay>firstname.lastname@example.org, Sent 1 To Address 1AcTiv7HDn82LmJHaUfqx9KGG55P9jCMyy.'