
Remove Bloccato Crypto Virus and Restore .Bloccato Encrypted Files

A ransomware virus aimed at Italian-speaking users has been released. It uses a strong encryption algorithm to encipher victims' files so that they can no longer be opened. The so-called Bloccato virus appends the .bloccato file extension to the encrypted files and leaves a ransom note in Italian in a .txt file named “LEGGI QUESTO FILE”. Experts strongly advise victims of the ransomware not to pay the expensive ransom of 5 BTC (~2000 USD) and to wait for an update regarding decryption, which we will post as soon as possible. In the meantime, it is recommended to remove Bloccato ransomware and try some of the alternative file restoration methods listed after this article.

Threat Summary

Name: Bloccato
Type: Ransomware
Short Description: The ransomware encrypts files with a strong cipher and asks a ransom for decryption in Italian.
Symptoms: Files are encrypted with the .bloccato file extension and become inaccessible. A ransom note with instructions for paying the ransom shows as a “LEGGI QUESTO FILE.txt” file.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.

Bloccato Ransomware – How Does It Infect

Malware researchers suggest that Bloccato ransomware may spread via spam e-mail messages, since the name of the Italian prime minister Mateo Renzi appears in the filename of its malicious executables. We therefore strongly advise users who receive e-mails with web links or archived files that contain any reference to this name to delete them immediately.

Bloccato Ransomware In Detail

Malware researchers have established which files the ransomware creates after infection:

  • LEGGI QUESTO FILE.txt which roughly translates to READ THIS FILE.
  • mateo-renzi.exe

The virus may be executed immediately after you restart Windows and can start encrypting files with the following extensions:

→ .avi, .csv, .dbf, .dif, .doc, .docx, .dwg, .dxf, .eps, .fm3, .html, .jpeg, .jpg, .mdb, .mov, .odt, .pdf, .png, .pps, .ppt, .pptx, .psd, .rar, .rtf, .sql, .txt, .wks, .xls, .xlsx, .xml, .zip

The files that have been encrypted by the “mateo-renzi.exe” file have the .bloccato file extension appended to them:

→ New Text Document.txt.bloccato

It appears that the .txt file may be placed on the Desktop of the infected computer and in folders containing encrypted files, so that the user sees this ransom message:

Original Message:
“EGREGIO AMICO, I SUOI FILES SONO STATI CRIPTATI CON UN ALGORITMO AD ELEVATA CIFRATURA
LA CHIAVE PER RIPRISTINARE I SUOI FILES È STATA MEMORIZZATA SU UN NOSTRO SERVER SEGRETO\nPER AVERLA DOVRÀ PAGARE CON 5 BITCOIN ENTRO MASSIMO 3 GIORNI
QUALORA NON DOVESSE PAGARE ENTRO I TERMINI SPECIFICATI, IL COSTO DELLA CHIAVE SALIRÀ AUTOMATICAMENTE A 10 BITCOIN
E AVRÀ SOLO ALTRE 72 ORE DI TEMPO PER PAGARE.
SE RIFIUTA DI PAGARE LA CHIAVE VERRÀ DISTRUTTA DEFINITIVAMENTE
MEDESIMO DESTINO SE PROVERÀ A RIMUOVERE O A ELIMINARE QUESTO PROGRAMMA
PER SAPERE COME FARE AD EFFETTUARE IL PAGAMENTO IN BITCOIN VADA SU QUESTO SITO: WWW.COMPRABITCOIN.IT O SU WWW.BITCOIN.ORG/IT O BISTAMP.NET
SE RISCONTRASSE DIFFICOLTÀ LA INVITO A RIVOLGERSI AD UN ESPERTO INFORMATICO PER FARSI AIUTARE
QUESTO È L’INDIRIZZO BITCOIN A CUI INVIARE IL DENARO: {CYBER CROOKS BITCOIN ADDRESS HERE}
ENTRO 72 ORE DAL RICEVIMENTO DEL PAGAMENTO LE INVIEREMO IL CODICE,
E TUTTE LE INFORMAZIONI UTILI ALLO SBLOCCO DI TUTTI I SUOI FILES.
CERTO DI UN SUO FAVOREVOLE RISCONTRO LE PORGO I MIEI PIÙ CORDIALI SALUTI”
Rough English Translation:
“DEAR FRIEND, YOUR FILES ARE ENCRYPTED WITH ALGORITHM WITH A HIGH ENCRYPTION
THE KEY TO RESTORE YOUR FILES HAS BEEN STORED ON OUR SECRET SERVER. TO HAVE IT WILL HAVE TO PAY WITH MAXIMUM 5 Bitcoin WITHIN 3 DAYS
IF NOT TO PAY WITHIN THE TERMS SPECIFIED IN THE COST OF KEY TO AUTOMATICALLY will rise to 10 Bitcoin
AND YOU WILL HAVE ONLY 72 MORE HOURS OF TIME TO PAY.
IF YOU REFUSE TO PAY THE KEY WILL BE DEFINITELY DESTROYED
SAME FATE WILL HAPPEN IF YOU TRY TO REMOVE OR TO ELIMINATE THIS PROGRAM
TO KNOW HOW TO MAKE PAYMENT IN Bitcoin GO ON THIS SITE: WWW.COMPRABITCOIN.IT OR WWW.BITCOIN.ORG/IT OR BISTAMP.NET
YOU MAY CALL FOR ADVICE FROM AN EXPERT COMPUTER FOR GETTING HELP
THIS IS THE ADDRESS TO WHICH Bitcoin SEND MONEY: {CYBER CROOKS Bitcoin ADDRESS HERE}
WITHIN 72 HOURS OF RECEIPT OF THE PAYMENT we WILL SEND THE CODE,
AND ALL INFORMATION USEFUL TO RELEASE OF ALL ITS FILES.
BEST REGARDS”
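
To gauge how far an infection has spread before cleaning up, the indicators listed above (the .bloccato suffix, the ransom note name, the mateo-renzi.exe dropper and the targeted extensions) can be checked with a read-only scan. This is an added example, not code from the original article; the function names `triage` and `demo` and the sample file tree are constructed for illustration, and matching is by file name only.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article text.
ENC_SUFFIX = ".bloccato"
NOTE_NAME = "leggi questo file.txt"
DROPPER_NAME = "mateo-renzi.exe"
TARGET_EXTS = {".avi", ".csv", ".dbf", ".dif", ".doc", ".docx", ".dwg", ".dxf",
               ".eps", ".fm3", ".html", ".jpeg", ".jpg", ".mdb", ".mov", ".odt",
               ".pdf", ".png", ".pps", ".ppt", ".pptx", ".psd", ".rar", ".rtf",
               ".sql", ".txt", ".wks", ".xls", ".xlsx", ".xml", ".zip"}

def triage(root):
    """Walk root and sort files into indicator buckets (nothing is modified)."""
    report = {"encrypted": [], "notes": [], "dropper": [], "untouched": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower == NOTE_NAME:
                report["notes"].append(path)
            elif lower == DROPPER_NAME:
                report["dropper"].append(path)
            elif lower.endswith(ENC_SUFFIX):
                # "budget.xlsx.bloccato" -> original name "budget.xlsx",
                # useful for matching against backups.
                report["encrypted"].append((path, name[:-len(ENC_SUFFIX)]))
            elif path.suffix.lower() in TARGET_EXTS:
                # Targeted file type that still carries its own extension.
                report["untouched"].append(path)
    return report

def demo():
    """Run triage over a constructed sample tree and return bucket counts."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp, "Desktop", "docs")
        docs.mkdir(parents=True)
        for name in ("New Text Document.txt.bloccato", "budget.xlsx.bloccato",
                     "LEGGI QUESTO FILE.txt", "holiday.jpg", "notes.log"):
            (docs / name).write_bytes(b"constructed sample")
        Path(tmp, "Desktop", "mateo-renzi.exe").write_bytes(b"placeholder")
        return {k: len(v) for k, v in triage(tmp).items()}

if __name__ == "__main__":
    print(demo())
```

Files in the "untouched" bucket are the ones worth copying to offline storage first; the "encrypted" bucket gives the original names to look for in backups.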

Bloccato Ransomware – Conclusion, Removal, and Advice on File Restoration

In brief, Bloccato ransomware is a simple “ransom-crypt” malware that aims to prevent you from accessing your files by enciphering them. The ransomware may use a strong AES, RSA, DH or other cipher. It may threaten that the decryption key will be destroyed if you delete the program. However, this may not be true. Either way, we advise you not to trust this scary message and to wait for a solution, which we will post as soon as it has been found.

In the meantime, you are welcome to follow the instructions below to remove Bloccato ransomware and then try to restore your files using the alternative solutions posted there. They are not guaranteed to work, but could restore a small portion of your files.

Manually delete Bloccato from your computer

Note! Important notice about the Bloccato threat: manual removal of Bloccato requires changes to system files and the registry, and can therefore damage your PC. If your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Bloccato files and objects
2. Find malicious files created by Bloccato on your PC
3. Fix registry entries created by Bloccato on your PC

Automatically remove Bloccato by downloading an advanced anti-malware program

1. Remove Bloccato with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by Bloccato in the future
3. Restore files encrypted by Bloccato
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
