Epoblockl Ransomware

Posted: November 16, 2018

The Epoblockl Ransomware is a new version of Hidden Tear: a free, file-locking Trojan that locks your files with encryption. Besides encrypting text documents and other media, the Epoblockl Ransomware creates ransom notes, launches pop-ups, and appends multiple extensions to the names of the hostage files. Have your anti-malware programs remove the Epoblockl Ransomware as soon as they identify it, and restore your work with free decryption software or a backup.

Hidden Tear Gets Even Cheaper than Before

A new version of the broad-spanning Hidden Tear family is in development by an unidentified threat actor. The Epoblockl Ransomware, like other versions of HT software such as the Scrabber Ransomware, the Mimicry Ransomware, the Foxy Ransomware, the MemeLocker Ransomware, and the Saramat Ransomware, blocks your media files with AES encryption. The attack can deprive users of their documents, pictures, and similar content while encouraging the payment of a ransom, which is often futile, for restoring them.

The Epoblockl Ransomware uses 128-bit AES, instead of the traditional AES-256, for locking the files, but in most areas of its configuration it uses file-blocking behavior that's similar to its recent ancestors. It searches all drives for sixty-five extensions (examples include ZIP archives, Word DOC documents, and PNG images) and locks the matching files, then adds new extensions to their names. The only significant divergence that the Epoblockl Ransomware shows from other Hidden Tear variants is the arbitrary use of different extensions for different files, which malware experts haven't seen in similar threats. Your media content may have 'Epoblockl' or 'Crypted' extensions, neither of which overwrites the rest of the filename.
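Because the appended extension leaves the rest of the filename intact, a read-only listing of affected files can be mapped back to the original names to scope a restore from backup. The following is an added example, not code from the original article; the function names, the case-insensitive matching, and the handling of stacked marker extensions are assumptions, and the sample paths are constructed.

```python
import os
from collections import Counter

# Extensions the article reports; matching is case-insensitive (assumption).
APPENDED = (".epoblockl", ".crypted")

def original_name(name):
    """Return the pre-infection filename if `name` carries an appended
    marker extension, else None. Stacked markers are peeled off too
    (assumption: a file may carry more than one)."""
    stripped = name
    while stripped.lower().endswith(APPENDED):
        stripped = stripped[: stripped.rfind(".")]
    # A name that is only a marker has no original to recover.
    return stripped if stripped != name and stripped else None

def triage(paths):
    """Map each affected path to its original path and count affected
    files per original extension, to scope a restore from backup."""
    affected, by_type = {}, Counter()
    for path in paths:
        folder, name = os.path.split(path)
        orig = original_name(name)
        if orig is None:
            continue
        affected[path] = os.path.join(folder, orig)
        by_type[os.path.splitext(orig)[1].lower() or "(none)"] += 1
    return affected, by_type

def walk(root):
    """Yield every file path under `root` (read-only; nothing is renamed)."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(folder, name)

# Constructed sample listing, not taken from a real infection.
SAMPLE = [
    "docs/report.doc.Epoblockl",
    "docs/photo.png.Crypted",
    "docs/archive.zip.crypted.Epoblockl",
    "docs/notes.txt",
    "docs/.Crypted",
]

if __name__ == "__main__":
    hits, counts = triage(SAMPLE)
    for locked, orig in hits.items():
        print(f"{locked} -> {orig}")
    print(dict(counts))
```

Passing `walk(root)` to `triage` runs the same mapping over a mounted copy of the affected drive; the script only reads filenames and does not decrypt or rename anything.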

The Epoblockl Ransomware has two methods of providing a ransom note for its victims to follow for buying the threat actor's decryption tool. Like many Hidden Tear types, the Epoblockl Ransomware creates a Notepad message, but it also launches a Windows dialog box or pop-up with identical text. For now, malware researchers regard these symptoms as placeholders, since the Epoblockl Ransomware asks for Bitcoins without specifying an amount, other than zero.

Stopping All the Wrong Extensions at the Doorstep

The fact that its ransoming preferences are incomplete doesn't do any damage to the encryption portion of the Epoblockl Ransomware's payload, which represents the dominant security issue for users with infected PCs. This Windows program hides its process in the background while it blocks your media, although free, Hidden Tear-compatible decryptors may be capable of helping with the recovery of the files. However, malware researchers always encourage backing up data to other devices to keep new versions of file-locking Trojans from causing encryption problems that block your work in perpetuity.

The Epoblockl Ransomware has no file credentials that provide any signs of how its threat actor plans on infecting Windows users. File-locking Trojans are notable for having campaigns that emphasize RDP and brute-force attacks, as well as spam e-mails, against business-based targets, while more 'informal' victims could compromise themselves with illicit torrents or corrupted websites hosting an exploit kit. Anti-malware products can block nearly all of these infection vectors and delete the Epoblockl Ransomware readily.

Having your files imprisoned by the Trojan equivalent of freeware is an undignified and unnecessary fate for data that could be worth paying a ransom for getting unlocked. New versions of Hidden Tear are sure to continue circulating until users can bring themselves to make backups of what's important to them.