BlockFile12 ransomware / virus (Easy Removal Guide) - Bonus: Decryption Steps
BlockFile12 virus Removal Guide
What is BlockFile12 ransomware virus?
BlockFile12 ransomware virus takes files hostage and demands a ransom
BlockFile12 is crypto-malware that encrypts files on affected computers and distorts file names. After the attack, each of the targeted documents, multimedia files, and other data carries contact information and the .block_file12 file extension. The ransomware uses this scheme for renaming affected files: .===contact_mail===itankan12@gmail.com===.block_file12. Following data encryption, the ransomware drops a ransom note called HOW TO DECRYPT FILES.txt on the desktop. The threatening letter explains that victims have to contact the cyber criminals via the itankan12@gmail.com email address in order to get instructions for data recovery. However, having conversations with crooks is not a good idea. They will probably use psychological terror and blackmailing techniques to convince you to transfer a particular amount of Bitcoins. The size of the ransom is unknown. It seems that the cyber criminals decide the worth of the files individually. However, it doesn’t matter how much money they ask for; you should not make the payment. Remove BlockFile12 from the computer and save your money. Cyber criminals may not provide the promised decryption software, but they will gladly use your money for future projects.
Apart from corrupting files, BlockFile12 might also open a backdoor for other malware. Thus, the longer you let it stay on your computer, the bigger the risk of encountering other ransomware or data-stealing Trojans. If you are having thoughts about paying the ransom, we want to discourage you from making the wrong decision. Transferring Bitcoins will not remove the ransomware from the computer. Besides, you may not get your files back because cyber criminals do not always keep their promises.[1] If you have data backups or at least some of your files saved in external or online storage, you have everything you need. If not, you should try our alternative recovery options that are absolutely safe. However, you should think about data recovery only after BlockFile12 removal. Thus, if you got infected, install Fortect or Intego, scroll down to the end of the article, and learn how to clean your device.
BlockFile12 virus encrypts files on the affected computer and asks victims to contact cyber criminals in order to get instructions on how to decrypt data.
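The renaming scheme and note name described above are enough to measure how far the encryption reached. The PowerShell script below is an added example, not part of the original guide; the scan root and report file name are assumptions, and it only reads the disk.

```powershell
# Added example (not from the original guide). Read-only inventory of the two
# indicators the article names; nothing is renamed, moved or deleted.
param(
    [string]$Root   = $env:USERPROFILE,                               # assumption: scan scope
    [string]$Report = (Join-Path $PWD 'blockfile12-inventory.csv')    # assumption: report file
)

$encryptedExt = '.block_file12'             # extension appended to encrypted files
$noteName     = 'HOW TO DECRYPT FILES.txt'  # ransom note file name

$hits = @(
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq $encryptedExt -or $_.Name -eq $noteName } |
        ForEach-Object {
            [pscustomobject]@{
                Kind          = if ($_.Name -eq $noteName) { 'RansomNote' } else { 'Encrypted' }
                Folder        = $_.DirectoryName
                Name          = $_.Name
                SizeBytes     = $_.Length
                LastWriteTime = $_.LastWriteTime
            }
        }
)

if ($hits.Count -eq 0) {
    Write-Output "No $encryptedExt files or ransom notes found under $Root."
    return
}

$hits | Export-Csv -LiteralPath $Report -NoTypeInformation -Encoding UTF8

$encrypted = @($hits | Where-Object { $_.Kind -eq 'Encrypted' })
"Encrypted files : {0}" -f $encrypted.Count
"Ransom notes    : {0}" -f ($hits.Count - $encrypted.Count)

if ($encrypted.Count -gt 0) {
    # The oldest write time approximates when encryption began, which is the
    # cut-off to use when choosing a restore point or an older file version.
    $first = ($encrypted | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
    "Oldest encrypted write time: $first"
    # Folders with the most encrypted files, largest first.
    $encrypted | Group-Object Folder | Sort-Object Count -Descending |
        Select-Object -First 10 Count, Name | Format-Table -AutoSize
}
"Full list written to $Report"
```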
The main ways ransomware infiltrates computers
BlockFile12 ransomware might get into the PC using several techniques. There’s no doubt that cybercriminals use social engineering techniques[2] and spread numerous malicious emails that include infected attachments or links. Such emails might look as if they were sent from governmental institutions, banks, delivery services, etc. The letter itself might inform you about serious problems or the necessity to check some information, and ask you to open the attachment or visit a particular website. Once you do that, the malicious payload is downloaded and executed on the system. Furthermore, a BlockFile12 hijack might also occur when you visit a crafted website, click on a malware-laden ad or download bogus software. Therefore, it’s crucial to avoid visiting high-risk Internet sites (e.g. adult-themed, gaming, gambling, etc.) and clicking online ads. We want to point out that malicious ads might also be placed on legitimate websites and barely differ from safe ads. Thus, before clicking an ad offering an amazing shopping deal, you should think twice about whether it’s actually worth taking the risk.
The step-by-step guide for BlockFile12 removal
We recommend performing automatic BlockFile12 removal using powerful security software. It’s the only safe way to get rid of all malicious files and processes. Ransomware-type viruses might inject code into legitimate system processes; thus, terminating them manually is nearly impossible for regular computer users. In order to avoid causing damage to your PC, you should install a malware removal program and run the system scan several times. We suggest assigning this task to Fortect, Intego, Malwarebytes, SpyHunter 5 or Combo Cleaner. Of course, you can choose other security tools as well. However, if you cannot install the program and remove BlockFile12 automatically, you may find our instructions handy. Malware might be resistant. However, its removal is still possible!
Getting rid of BlockFile12 virus. Follow these steps
Manual removal using Safe Mode
Follow the steps below to restart the computer in Safe Mode with Networking in order to perform the automatic BlockFile12 removal.
Important! The manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.
Step 1. Access Safe Mode with Networking
Manual malware removal is best performed in the Safe Mode environment.
Windows 7 / Vista / XP
- Click Start > Shutdown > Restart > OK.
- When your computer becomes active, start pressing the F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click on the Start button and select Settings.
- Scroll down to pick Update & Security.
- On the left side of the window, pick Recovery.
- Now scroll down to find the Advanced Startup section.
- Click Restart now.
- Select Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Press Restart.
- Now press 5 or click 5) Enable Safe Mode with Networking.
Step 2. Shut down suspicious processes
Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Click on More details.
- Scroll down to the Background processes section, and look for anything suspicious.
- Right-click and select Open file location.
- Go back to the process, right-click and pick End Task.
- Delete the contents of the malicious folder.
Step 3. Check program Startup
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Go to the Startup tab.
- Right-click on the suspicious program and pick Disable.
Step 4. Delete virus files
Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:
- Type in Disk Cleanup in Windows search and press Enter.
- Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in it).
- Scroll through the Files to delete list and select the following:
Temporary Internet Files
Downloads
Recycle Bin
Temporary files
- Pick Clean up system files.
- You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):
%AppData%
%LocalAppData%
%ProgramData%
%WinDir%
After you are finished, reboot the PC in normal mode.
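Steps 3 and 4 can also be approached as a read-only listing instead of browsing by hand. The PowerShell script below is an added example, not part of the original guide; the 14-day window, the extension list and the top-level-only scan of %WinDir% are assumptions chosen to keep the output short.

```powershell
# Added example (not from the original guide). Read-only triage for Steps 3 and 4:
# it lists candidates for review and deletes nothing.
param([int]$Days = 14)   # assumption: look-back window for "recent" files

# Step 3: everything Windows launches at logon (Run keys and Startup folders).
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-Table -AutoSize -Wrap

# Step 4: recently written executables and scripts in the folders the guide lists.
$since = (Get-Date).AddDays(-$Days)
$exts  = '.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js', '.ps1'  # assumption

$recent = @(
    foreach ($root in $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData) {
        Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue
    }
    # %WinDir% is checked at the top level only (assumption, to keep the run short).
    Get-ChildItem -LiteralPath $env:WinDir -File -Force -ErrorAction SilentlyContinue
) | Where-Object { $_.Extension -in $exts -and $_.LastWriteTime -ge $since }

# A missing or invalid signature on a recent file in a user-writable folder is a
# reason to look closer, not proof that the file is malicious.
$recent | Sort-Object LastWriteTime -Descending | ForEach-Object {
    $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LastWriteTime = $_.LastWriteTime
        Signature     = $sig.Status
        Path          = $_.FullName
    }
} | Format-Table -AutoSize -Wrap
```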
Remove BlockFile12 using System Restore
The System Restore method also helps to disable the virus and run automatic removal.
Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
- Click Start → Shutdown → Restart → OK.
- When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
- Select Command Prompt from the list.
Windows 10 / Windows 8
- Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
- Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
- Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
Step 2: Restore your system files and settings
- Once the Command Prompt window shows up, type cd restore and press Enter.
- Now type rstrui.exe and press Enter again.
- When a new window shows up, click Next and select a restore point that predates the infiltration of BlockFile12. After doing that, click Next.
- Now click Yes to start the system restore.
Bonus: Recover your data
The guide presented above is supposed to help you remove BlockFile12 from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts. If your files are encrypted by BlockFile12, you can use several methods to restore them:
Try Data Recovery Pro for restoring encrypted files
If you do not have data backups, you should try Data Recovery Pro. This program is capable of restoring damaged, corrupted, deleted and some of the encrypted files.
- Download Data Recovery Pro;
- Follow the steps of Data Recovery Setup and install the program on your computer;
- Launch it and scan your computer for files encrypted by BlockFile12 ransomware;
- Restore them.
Take advantage of Windows Previous Versions feature
If the System Restore function was activated on your PC before the BlockFile12 ransomware attack, you should follow the steps below and copy previously saved versions of the encrypted files.
- Find an encrypted file you need to restore and right-click on it;
- Select “Properties” and go to “Previous versions” tab;
- Here, check each of the available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.
Use ShadowExplorer
If the ransomware failed to delete the Shadow Volume Copies of the targeted files, you can use this tool to recover encrypted data.
- Download Shadow Explorer (http://shadowexplorer.com/);
- Follow the Shadow Explorer Setup Wizard and install this application on your computer;
- Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
- Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.
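Previous Versions, ShadowExplorer and the System Restore step all depend on snapshots that were taken before the attack and still exist. The PowerShell script below is an added example, not part of the original guide, that lists them and marks the ones older than the encryption; the -EncryptionStart value is an assumption you supply, and the script expects an elevated Windows PowerShell 5.1 session.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original guide). Lists Volume Shadow Copies and
# System Restore points and flags the ones created before encryption began.
param(
    # Assumption: when encryption started, e.g. the oldest LastWriteTime among
    # the .block_file12 files. Example value: '2017-06-01 14:30' (constructed).
    [Parameter(Mandatory = $true)][datetime]$EncryptionStart
)

$rows = @(
    # Shadow copies are what "Previous versions" and ShadowExplorer read from.
    foreach ($s in (Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)) {
        [pscustomobject]@{
            Type    = 'ShadowCopy'
            Created = $s.InstallDate
            Detail  = $s.VolumeName
        }
    }
    # Restore points are what rstrui.exe offers in its list.
    foreach ($p in (Get-ComputerRestorePoint -ErrorAction SilentlyContinue)) {
        [pscustomobject]@{
            Type    = 'RestorePoint'
            Created = $p.ConvertToDateTime($p.CreationTime)   # DMTF string -> DateTime
            Detail  = $p.Description
        }
    }
)

if ($rows.Count -eq 0) {
    Write-Output 'No shadow copies or restore points exist; these recovery routes are unavailable.'
    return
}

$rows | Sort-Object Created |
    Select-Object Type, Created, Detail,
        @{ Name = 'BeforeEncryption'; Expression = { $_.Created -lt $EncryptionStart } } |
    Format-Table -AutoSize

$usable = @($rows | Where-Object { $_.Created -lt $EncryptionStart })
"{0} of {1} snapshots predate {2}." -f $usable.Count, $rows.Count, $EncryptionStart
```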
BlockFile12 decryptor is not available yet.
Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from BlockFile12 and other ransomware, use a reputable anti-spyware, such as Fortect, Intego, SpyHunter 5, Combo Cleaner or Malwarebytes.
How to prevent ransomware infections
Choose a proper web browser and improve your safety with a VPN tool
Online spying has gained momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security is to choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.
Lost your files? Use data recovery software
While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attacks, or even accidental deletion.
To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.
[1] Michael Collis. Hospital Paid the Ransom, but the Criminals Didn’t Decrypt the Files. WatchPoint Data Blog. The latest online security and industry news by WatchPoint.
[2] Wendy Zamora. Hacking your head: how cybercriminals use social engineering. Malwarebytes Labs. The Security Blog From Malwarebytes.