Blocking Ransomware

What is Blocking Ransomware?

Blocking Ransomware is a new malicious application seeking to extract money from computer users. Although it has been detected by specialists at only recently and is considered a new threat, it is, technically, not completely new because it is a variant of BTCWare Ransomware. That is, it is based on its engine. Because of this, specialists have quickly found out how it acts on compromised machines. They say that Blocking Ransomware is another threat trying to obtain money from people. Cyber criminals who develop such malicious applications know well that users are not going to give them their money easily, so they create threats that encrypt files upon arrival to give them the reason to pay money. Unfortunately, ransomware infections encrypt files using strong encryption algorithms, so it is not always possible to unlock files without the special key. Of course, we do not try to say here that you should go to purchase a decryptor from cyber criminals. Instead, we recommend, first and foremost, getting rid of the ransomware infection so that it could not lock more files. The removal of the ransomware infection will be explained in the final paragraph, but we want you to understand how it acts first.test

What does Blocking Ransomware do?

There is nothing unique about Blocking Ransomware because it acts as a typical ransomware infection encrypting users’ personal files. As mentioned above, there is only one goal ransomware infections have – to get easy money, so they do not hide in the background like some other malicious applications. Instead, they start working immediately, i.e. encrypting users’ data the same second they successfully enter the system. Research has shown that Blocking Ransomware encrypts all files, except for system files and Internet Explorer files. It is obvious which files have been encrypted – those encrypted ones become !#_READ_ME_#!.hta.[].blocking (a different email address might be used too). Users not only notice names and original extensions of their files changed. Victims also discover a new file !#_READ_ME_#!.hta on their Desktops. This file is a ransom note explaining what has happened to files and what users can do to unlock them. First, they are told to send the provided unique ID to Then, they will “have to pay for decryption in Bitcoins.” The exact price of the decryption is not indicated. Users are only told that “the price depends on how fast you write to us.” Although cyber criminals promise to send the decryption tool to users right after receiving users’ money, you might be left without your files and without your money because cyber criminals often do not bother sending the decryptor tool to victims when they get money. Because of this, we do not recommend paying a ransom to malware developers. Luckily, it does not mean that you cannot restore your files. Files can always be restored for free from a backup, so you can get them back easily if you have copies of those encrypted files stored somewhere outside the compromised machine.

Where does Blocking Ransomware come from?

Several different tactics might be used to spread ransomware infections, so it is not very easy to say what the reason behind the entrance of Blocking Ransomware on your computer is. Specialists at are sure for one thing – it has entered your computer illegally. Research recently conducted by malware researchers has clearly shown that these threats might be disseminated via spam emails. Also, they might be masqueraded as legitimate software. Finally, other malicious applications might help them to enter users’ PCs unnoticed. You cannot turn the clock back in order not to encounter Blocking Ransomware, but you can surely delete it from your system. Do this as soon as possible and install a security application on your PC in order not to lose files due to the entrance of malware again in the future.

How to remove Blocking Ransomware

You will not have to put much effort into the Blocking Ransomware removal because it is quite easy to erase this infection. Removing suspicious files from the system and a ransom note from Desktop should be enough to erase this threat fully. If not, scan your PC with a reputable malware remover. Unfortunately, you will not get your files unlocked no matter how you delete Blocking Ransomware. You could restore those encrypted files for free from a backup only, or you can wait till specialists develop a decryptor and it becomes available on the web.

Blocking Ransomware manual removal guide

  1. Tap Win+E to open Windows Explorer.
  2. Access two directories where recently downloaded files are usually located: %USERPROFILE%\Downloads and %USERPROFILE%\Desktop.
  3. Delete all suspicious files.
  4. Remove the ransom note !#_READ_ME_#!.hta from Desktop.
  5. Empty Recycle bin. 100% FREE spyware scan and
    tested removal of Blocking Ransomware*

Leave a Comment

Enter the numbers in the box to the right *