Blammocock.li Ransomware

Our researchers confirm Blammocock.li Ransomware is a new variant of Dharma Ransomware. Same as the previous version it shows a ransom note claiming the threat encrypted files located on the computer because of some security problem with the PC. In other words, the hackers behind the malware may try to convince the user they locked his data in order to protect it. Needless to say, the real reason behind damaging the user’s files is to extort money from him, and the fact the ransom note asks for a payment in Bitcoins (a cryptocurrency used by hackers for anonymity) inevitably leaves no doubt about it. As much as you may want to get your data back, keep it in mind even if you comply with the demands on the ransom note there are no guarantees you will be able to get your files back, so instead of risking your savings, we would advise removing Blammocock.li Ransomware. It might not be an easy task, but users who require assistance can follow our deletion instructions located below or acquire a reliable antimalware tool of their choice.

Such malicious applications can enter the system via fake software installers, bundled setup files, infected email attachments, and so on. As you realize, in many cases, the user has only himself to blame, for endangering the system, since he might have avoided the threat if he was more careful. To keep away from malware like Blammocock.li Ransomware our researchers advice being more attentive while choosing the applications you want to install and pay more attention to the reliability of the web pages you download such programs from. The safest choice would be to acquire software developed by a reputable company and distributed through legitimate sources. To be more precise, we would recommend avoiding torrent and other file-sharing sites that may spread pirated tools and untrustworthy freeware. Additionally, it would be smart to avoid opening email attachments received from unknown senders. In case you encounter such files you could scan them with a reliable antimalware tool to check if they are not harmful. The same could be done with installers downloaded from doubtful sources.

The moment the malware enters the system, it should start looking for data it could encrypt. According to our researchers, it could be user’s personal files, such as photos or documents. Moreover, there is a chance Blammocock.li Ransomware could damage program files too. If this is the case, the only exceptions should be files belonging to the computer’s operating system and other tools developed by Microsoft. All files that get locked are supposed to be marked with .[Blammo@cock.li].arrow extension. Therefore, if you had a picture named desert.jpg, it should turn into desert.jpg.[Blammo@cock.li].arrow. The next malware’s task is to show the computer’s user a ransom note. It is usually a text document, a picture with text on it, or in some cases even both. Talking about Blammocock.li Ransomware we believe it should show both. The text document is supposed to carry an extra short version of ransom note as it might only say “all your data has been locked us You want to return? write email Blammo@cock.li.”

However, the picture with the ransom note may say much more. To be more accurate our researchers say it is supposed to not only explain what happened to users data but also explain the user can get his data back by paying a particular sum in Bitcoins. The note even instructs on how to obtain Bitcoin, contact the hackers, get a couple of useless files decrypted “as a guarantee,” etc. We would not advise paying the ransom under any circumstances because you cannot be sure the hackers will help you as they promise and so you could lose your money for nothing. For users who do not wish to risk their savings our researchers recommend erasing Blammocock.li Ransomware with the instructions located below or a reliable antimalware tool.

Eliminate Blammocock.li Ransomware

1. Press Ctrl+Alt+Delete.
2. Go to the Task Manager.
3. Find the malware’s process.
4. Mark this process and click End Task.
5. Exit Task Manager.
6. Tap Win+E.
7. Navigate to:
   %TEMP%
   %USERPROFILE%\desktop
   %USERPROFILE%\downloads
8. Check if you can find the malicious file downloaded before the computer got infected.
9. Right-click the suspicious file and press Delete.
10. Then check these locations:
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %WINDIR%\System32
11. Look for malicious executable files with random names (random.exe).
12. Right-click such data and select Delete.
13. If the infection drops ransom notes; erase them too.
14. Close File Explorer.
15. Press Win+R.
16. Type regedit and click OK.
17. Go to HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
18. Search for a value name with a random title; its value data should point to the malicious executable file in the %WINDIR%\System32
19. Right-click the described value name and press Delete.
20. Exit Registry Editor.
21. Empty your Recycle bin.
22. Reboot the system.