BadBlock is a ransomware-type virus that, after system infiltration, encrypts various files stored in victims’ computers. Unlike other ransomware, BadBlock does not add any extension to encrypted files. After encryption, BadBlock opens a window with a message providing details about the encryption. This ransomware also creates a Help_Decrypt.html file (which contains an identical message), placing it in each folder containing the encrypted files.
Unlike other ransomware such as Locky, TeslaCrypt, KimcilWare, PETYA, Mischa and CryptXXX, BadBlock does not append a custom extension to the files it encrypts.
It changes the computer’s wallpaper to a red lock screen and grabs the victim’s attention with the caption, “Badblock in on the block!” It claims that the user’s files have been encrypted using the RSA algorithm, an asymmetric cryptographic algorithm that uses two different keys (public and private) and is commonly used to transmit data securely.
After rendering the files inaccessible, BadBlock demands a ransom of two bitcoins (or $900, according to the ransom note). The user is also provided with help links on how to buy bitcoins and how to transfer them to the attacker’s account.
The ransom note further explains that the decryption process will only start upon verification of payment, which it says can take up to two hours. It also warns, “If your anti-virus gets updated and remove BadBlock automatically, even if you pay the ransom, it will not be able to recover your files!”
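Because BadBlock leaves file names unchanged, extension-based checks will not find the encrypted files, but the Help_Decrypt.html note marks every affected folder. The following Python triage script is an added example, not part of the original article: it lists folders containing the note and flags files whose leading bytes no longer match their extension. The header check assumes that encryption overwrites the start of each file, which the article does not state; the magic-byte table and the sample tree are constructed for illustration.

```python
import os
import tempfile

NOTE_NAME = "help_decrypt.html"  # note name from the article, compared case-insensitively
# Leading bytes for a few common file types (small constructed subset).
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def header_mismatch(path):
    """True if the file has a known extension but lacks that type's header."""
    expected = MAGIC.get(os.path.splitext(path)[1].lower())
    if expected is None:
        return False  # unknown type: the header tells us nothing
    try:
        with open(path, "rb") as fh:
            return not fh.read(16).startswith(expected)
    except OSError:
        return False  # unreadable (locked, permissions): skip rather than guess

def triage(root):
    """Map each folder holding a ransom note to its files that fail the header check."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        if any(f.lower() == NOTE_NAME for f in files):
            report[folder] = [f for f in sorted(files) if f.lower() != NOTE_NAME
                              and header_mismatch(os.path.join(folder, f))]
    return report

def build_sample(root):
    """Constructed tree: one clean folder, one folder with a note and a scrambled PDF."""
    scrambled = bytes((i * 73 + 11) % 256 for i in range(64))  # stand-in for ciphertext
    layout = {
        "clean/report.pdf": b"%PDF-1.4\n",
        "hit/Help_Decrypt.html": b"<html>constructed note</html>",
        "hit/invoice.pdf": scrambled,                       # header gone: flagged
        "hit/photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,  # header intact: not flagged
        "hit/notes.txt": scrambled,                         # no known header: not judged
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, suspects in triage(tmp).items():
            print(folder, suspects)
```

Files without a recognisable header format, such as plain text, are not judged by this check and still need to be compared against backups.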