RT4BLOCK Ransomware

By CagedTech in Ransomware

The RT4BLOCK Ransomware is a newly uncovered file-encrypting Trojan. When malware researchers studied this threat further, they discovered that it belongs to the RotorCrypt Ransomware family. Building new data-locking Trojans on the code of existing ransomware threats is a common tactic among cybercriminals.

Propagation and Encryption

Cybersecurity experts have not determined which method is used to spread the RT4BLOCK Ransomware. Spam email campaigns, bogus application updates, and corrupted pirated software downloaded from unofficial sources are likely among the propagation techniques. When the RT4BLOCK Ransomware infiltrates a system, it starts the attack with a scan that locates the files to be targeted for encryption. Next, the RT4BLOCK Ransomware begins locking the targeted files. Once a file is locked, its name is changed: the RT4BLOCK Ransomware appends a '!-information-...___ingibitor366@cumallover.me___....RT4BLOCK' extension to the end of the file name. This means that a file named ‘fire-panda.jpg’ will be renamed to ‘fire-panda.jpg!-information-...___ingibitor366@cumallover.me___....RT4BLOCK’.

The Ransom Note

The next phase of the attack is dropping the ransom note, which is named ‘NEWS_INGiBiToR.txt’. The note reads:

===================================================================================================
We want to give you important information.
Your files are fine, but they are in a locked state.
Attention!!!
time is limited, long waiting is fraught with data loss, we recommend contacting by email immediately
attached to the file name and in this text document.

Please note!!!!!!!!!!!!!
In case of attempts to restore files by third-party programs, your files will be damaged forever!
Your computer has a unique code, if this code is damaged, you will also lose all your files!
We have the right to detect attempts to restore files manually, destroy code and files irrevocably,
as well as analytical data of your company will be transferred to experts for further action!

In case of cooperation with us, we will return all your files to their original state, as well as get information on
your server protection and analytical data will be removed from our database.

Primary mail for communication: ingibitor366@cumallover.me

______________________15 days to reply, after a while the data will be erased_______________________

The authors of the RT4BLOCK Ransomware do not state the amount of the ransom fee they demand. They provide an email address where the user can get in touch with them: ‘ingibitor366@cumallover.me’.

It is never recommended to contact cyber crooks. These are ill-minded actors who are not to be trusted. A safer alternative is downloading and installing a legitimate anti-malware application, which will keep your system safe from threats like the RT4BLOCK Ransomware.
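
The two indicators described above, the appended extension and the ransom note name, are enough to inventory affected files during incident triage. The following Python script is an added example, not part of the original article or any vendor tool; it only reads the file system. The looser pattern for samples with a different contact address, and the use of the earliest modification time as a rough start of encryption, are assumptions.

```python
import os
import re
from collections import Counter

# Indicators quoted in the article above.
LOCKED_SUFFIX = "!-information-...___ingibitor366@cumallover.me___....RT4BLOCK"
NOTE_NAME = "NEWS_INGiBiToR.txt"
# Assumption: other samples may embed a different contact address, so also
# match on the fixed "!-information-" marker and the final ".RT4BLOCK" part.
LOOSE = re.compile(r"^(?P<orig>.+?)!-information-.*\.RT4BLOCK$", re.IGNORECASE)


def classify(filename):
    """Return ("note", None), ("locked", original_name) or None."""
    if filename.lower() == NOTE_NAME.lower():
        return ("note", None)
    if filename.endswith(LOCKED_SUFFIX) and len(filename) > len(LOCKED_SUFFIX):
        return ("locked", filename[: -len(LOCKED_SUFFIX)])
    m = LOOSE.match(filename)
    return ("locked", m.group("orig")) if m else None


def triage(root):
    """Walk root read-only and summarise what the indicators match."""
    report = {"locked": [], "notes": [], "per_dir": Counter(), "earliest_mtime": None}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            hit = classify(name)
            if hit is None:
                continue
            path = os.path.join(dirpath, name)
            if hit[0] == "note":
                report["notes"].append(path)
                continue
            report["locked"].append((path, hit[1]))
            report["per_dir"][dirpath] += 1
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; keep scanning
            # Assumption: the oldest mtime approximates when encryption began.
            if report["earliest_mtime"] is None or mtime < report["earliest_mtime"]:
                report["earliest_mtime"] = mtime
    return report


if __name__ == "__main__":
    import sys
    r = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(r['locked'])} locked files, {len(r['notes'])} ransom notes")
```

The per-directory counts in the report show which folders or shares were hit, and the recovered original names can be compared against backup catalogues.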