Destructive BadBlock ransomware can be foiled

If you have been hit with ransomware, you want that malware to be BadBlock – but only if you haven’t restarted your computer.

This particular malware is a lacklustre attempt to create something on par with more popular ransomware, and that allowed Emsisoft security researcher Fabian Wosar to create a decrypter tool for it.

The tool can be downloaded for free, and Bleeping Computer has offered instructions on how to use it.

But, aside from encrypting document, image, database and other files not crucial for the functioning of the computer, it also encrypts Windows’ system files, and this makes the targeted machine slow and unstable, Dell SonicWALL researchers have found.

“In the instructions, the Badblock authors suggest not to shutdown the infected machine. If the user decides to, they will not be able to log back in because during our analysis we found that the files responsible for rebooting the machine were also encrypted,” they pointed out.

“At this point, the victim is locked out of their machine and the machine is rendered useless. Users will also be unable to use system restore because the files, progman.exe and rstrui.exe, have also been encrypted. “