Ransomware: BadBlock is on the block!

BadBlock ransomware appears to be spreading mostly to home users.

Companies are not the only targets of ransomware. This particular form of blackmail and robbery seems to have started paying more attention to the “neglected” home users. Until now, the main targets of ransomware attacks were corporations. BadBlock ransomware, however, intends to change that assumption.

This new strain of ransomware appears to be spreading mostly to home users. The infection is distributed through e-mail attachments of different kinds, such as .archive, .HTML and .exe files. Another way unsuspecting users are turned into BadBlock victims is through URLs with malicious JavaScript and drive-by downloads using exploit kits with fake Flash updates. Security experts do not rule out the possibility of infection through social media and file-sharing pages.


Once it gets into its victim’s system, BadBlock first ensures its persistence by making changes to registry keys, and then it creates the malicious .exe among the Windows files. The encryption claims to use RSA, an asymmetric algorithm, to generate the public and private keys used for encryption and decryption. These encryption methods are common and usually used for locking sensitive data; however, without the presence of both keys, decryption is not possible.

According to security researchers, decryption should be possible.

BadBlock demands 2.0 Bitcoins as a ransom in exchange for the private key, which is about $900. Details on how to proceed in case you decide to pay the ransom are given in the information note. BadBlock also plays on its victims’ fear and warns that if an antivirus program automatically removes BadBlock, the files will become unrecoverable. The ransomware also tries to prevent recovery from Volume Shadow Copies by deleting them. Unlike other ransomware, however, BadBlock does not change the encrypted files’ extension. The information screen even says that in case you are not willing to pay to get your files back, you can get rid of the infection by reformatting your machine. Now, how “helpful” is that?
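Two of the behaviours described above, shadow-copy deletion and registry-based persistence, are exactly the kind of thing an endpoint can be watched for. The following is an added detection example, not code from the original post and not BadBlock telemetry: it runs a few rules over constructed process-creation log lines in a simplified Sysmon-like `key=value` format. The specific commands matched (`vssadmin delete shadows`, `wmic shadowcopy delete`, `wbadmin delete catalog`, `reg add ...\CurrentVersion\Run`) are well-known Windows built-ins commonly abused for these purposes; the post does not say which of them BadBlock itself uses, so treating them as the indicators is an assumption of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample of process-creation events (simplified Sysmon Event ID 1 style).
# These lines are made up for the example; they are not real BadBlock telemetry.
SAMPLE_EVENTS = [
    'ts=2016-06-01T10:00:01 user=alice image=C:\\Windows\\explorer.exe cmd="C:\\Windows\\explorer.exe"',
    'ts=2016-06-01T10:02:13 user=alice image=C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe cmd="invoice.exe"',
    'ts=2016-06-01T10:02:14 user=alice image=C:\\Windows\\System32\\vssadmin.exe cmd="vssadmin.exe Delete Shadows /All /Quiet"',
    'ts=2016-06-01T10:02:15 user=alice image=C:\\Windows\\System32\\reg.exe cmd="reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v updater /t REG_SZ /d C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe"',
    'ts=2016-06-01T10:05:00 user=bob image=C:\\Windows\\System32\\wbem\\WMIC.exe cmd="wmic shadowcopy delete"',
    'ts=2016-06-01T10:07:00 user=bob image=C:\\Windows\\System32\\vssadmin.exe cmd="vssadmin list shadows"',
]

# Detection rules: (rule name, severity, regex over the process command line).
# Assumed indicators; the post itself does not name the commands BadBlock runs.
RULES = [
    ("shadow_copy_deletion", "high", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("shadow_copy_deletion", "high", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("shadow_copy_deletion", "high", re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I)),
    ("run_key_persistence", "medium",
     re.compile(r"reg(\.exe)?\s+add\s+\"?HK(LM|CU)\\.*\\CurrentVersion\\Run", re.I)),
]

# key=value pairs; a value is either a double-quoted string or a run of non-space characters.
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Alert:
    rule: str
    severity: str
    user: str
    command: str


def parse_event(line: str) -> dict:
    """Turn one key=value log line into a dict, stripping quotes from quoted values."""
    return {key: value.strip('"') for key, value in KV.findall(line)}


def detect(lines) -> list:
    """Apply every rule to each event's command line; one alert per matching event."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        cmd = event.get("cmd", "")
        for rule, severity, pattern in RULES:
            if pattern.search(cmd):
                alerts.append(Alert(rule, severity, event.get("user", "?"), cmd))
                break  # first matching rule wins; avoids duplicate alerts per event
    return alerts


def users_with_shadow_deletion(alerts) -> set:
    """Users for whom a shadow-copy deletion was seen: a strong early ransomware signal."""
    return {a.user for a in alerts if a.rule == "shadow_copy_deletion"}


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"[{alert.severity}] {alert.rule} user={alert.user} cmd={alert.command}")
```

Listing shadows (`vssadmin list shadows`) is deliberately not flagged; only destructive verbs are. In a real deployment the same rules would run over Sysmon or Windows 4688 process-creation events, and a shadow-copy deletion alert would be the trigger to isolate the host before encryption finishes, since the post notes that those copies are the victim's last local recovery option.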

The good news is that there may be another way to decrypt BadBlock. Security researchers have made a quick analysis, and according to their observations, decryption should be possible.

Therefore, in case you’ve fallen victim to BadBlock, do not panic and rush ahead with paying the ransom. Stay tuned for new updates and solutions. If you are not infected and you are still reading this, then our “How to remove” team would advise you to make a good backup of all your valuable data and keep it safe on an external device – it could surely save you from the headache in case of a ransomware attack in the future.
