By LoneStar in Trojans

HmBlocker is a family of ransomware that first appeared in 2010. Infections involving ransomware threats that use fake messages from the police have been on the rise in recent years. HmBlocker is a prominent family of these kinds of fake alerts and is characterized by its messages designed to scare computer users into paying a fine. ESG security researchers advise computer users not to pay heed to HmBlocker's fake message from the police. Instead, they recommend the removal of HmBlocker with the help of an incorrupt anti-malware program. Although HmBlocker blocks access to the infected computer, there are ways to get around this malicious ransomware Trojan without having to pay to regain control of the infected computer.

The HmBlocker scam is not difficult to understand and is one of the most common malware scams that are found today. HmBlocker makes changes to the victim's computer's Registry that allows HmBlocker to display a full-screen message demanding that the victim pay a fine. This message will claim to be an official warning from a particular police department, usually belonging to the country where the infected computer is located. HmBlocker can determine this information using the infected computer's IP address. HmBlocker's message will claim that the victim's computer was connected with irregular activities, such as trafficking with child pornography or distributing pirated software. Then, HmBlocker threatens the victim with jail time and fees of thousands of dollars or Euros unless a fine (anywhere from fifty to two hundred Euros) is paid using a money transfer service. Common money transfer services used by criminals in these kinds of ransomware scams include Ukash, PaySafeCard and MoneyPak. It is important to remember that these companies are legitimate money transfer businesses that have no direct relationship with HmBlocker or other ransomware Trojan families.

While most security programs can remove the HmBlocker Trojan with few problems, computer users may have difficulties gaining access to their security software. This is due to the fact that HmBlocker blocks access to the victim's computer, blocking the Desktop until its ransom is paid. Fortunately, it is possible to bypass the HmBlocker message by using Safe Mode with a Command Prompt to open the Windows explorer or by starting up Windows from an alternate start-up source (such as an external memory drive or a shared network drive).


Most Viewed