Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediatelly
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Blocking Ransomware

Blocking Ransomware is a newly-developed malicious application closely associated with BTCWare Ransomware. It has been named like this not without reason. It has been noticed that the extension it appends to encrypted files contains .blocking at the end. Yes, researchers at pcthreat.com have already proved that this malicious application is another crypto-threat that enters illegally users’ PCs with the intention of locking their valuable files. To be frank, all ransomware infections act similarly because they all share the same goal – they seek to obtain money from users. The majority of users make a decision to give their money to cyber criminals because they badly need to access their files. Needless to say, specialists are against this. According to them, users should not transfer money to malicious software developers because by doing so they encourage cyber criminals to continue developing malicious applications. Additionally, users might not receive the key for decrypting files even if they make a payment. There are zero guarantees that cyber criminals behind Blocking Ransomware will give the promised decryptor after receiving what they want. Because of this, we have only one piece of advice for those users who have already encountered this ransomware infection – remove it from the system as soon as possible. Once you are done, you could try a free data recovery method – restoring files from a backup.

Blocking Ransomware is one of those threats that start working immediately on victims’ machines. To put it differently, it does not work in the background for some time before showing its face. Instead, it encrypts files right after the successful entrance. Research has shown that it encrypts pictures, images, documents, and many other files. The ones it leaves untouched are Windows OS files and Internet Explorer. This means that your computer will continue working normally with Blocking Ransomware aboard. Although ransomware infections usually enter computers without permission, users find out about their presence quickly. In the case of Blocking Ransomware, they not only soon find out that they cannot access the majority of their files, but also notice that all their files have turned into !#_READ_ME_#!.hta.[avalona.toga@aol.com].blocking (another email might be used too). Also, they come across a new file created on their Desktops without their permission – !#_READ_ME_#!.hta. This file contains a ransom note. Users are, first of all, told that their “files have been encrypted due to a security problem.” Then, they find out that they could get their files back only if they send an email with a unique ID to avalona.toga@aol.com and pay a ransom in Bitcoin. The price of the decryption is unknown, but it seems that it depends on how quickly a user contacts cyber criminals. As has already been told above, specialists do not think that giving money to ransomware developers is a good idea because these encrypted files might stay as they are even if you make a payment as instructed.

Since the ransomware infection we are talking about in this article is not a popular threat yet, it is hard to say how it arrives on computers. Most probably, deceptive tactics are used to promote it, specialists say. For example, it might be disseminated via malicious emails or wait for users on certain file-sharing websites. No matter how this infection has entered your computer, it cannot stay because it might strike again one day. To protect your computer from other infections that will be released in the future, simply install a security application on your PC. Keep in mind that the installation of a security application does not mean that you can now download suspicious software from the web, open spam emails, or click on all ads you see when you surf the web.

The ransom note (!#_READ_ME_#!.hta) is the only file Blocking Ransomware drops on a victim’s PC when it successfully enters it, so we are sure that it will not be that hard to uninstall this infection from the system. There are only two tasks you have to fulfill. First, delete all recently downloaded suspicious files. Second, remove the ransom note from Desktop. If you cannot do this manually, you can always acquire a reputable automatic malware remover and use it instead of trying to erase malware manually.

Delete Blocking Ransomware

  1. Open Windows Explorer by press Win+E.
  2. Go to %USERPROFILE%\Downloads (type the path in the URL bar and tap Enter to open it).
  3. Remove files you have recently downloaded.
  4. Check %USERPROFILE%\Desktop and delete suspicious files.
  5. Remove !#_READ_ME_#!.hta from Desktop.
  6. Empty Recycle bin.
Download Spyware Removal Tool to Remove* Blocking Ransomware
  • Quick & tested solution for Blocking Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.