.BlockBax v3.2 Files Virus – Remove and Restore Encrypted Files

.BlockBax v3.2 Files Virus – Remove and Restore Encrypted Files

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

remove BlockBax v3.2 virus rotorcrypt ransomware

This article aims to help you remove the .BlockBax v3.2 ransomware virus from your computer and restore files that have been encrypted by this RotorCrypt variant without paying the ransom.

In case that your files have the extension ! ,–, Revert Access ,–, starbax@tutanota.com ,–,.BlockBax_v3.2 appended at their names and you cannot open them, your computer has been infected by RotorCrypt ransomware. The threat is designed to infiltrate computer systems in order to encrypt files that store important information so it can then blackmail victims into paying a ransom. After encryption RotorCrypt ransomware may drop a ransom note that provides information how the payment should be done. However, you shouldn’t pay the ransom but better remove the ransomware and try to restore .BlockBax v3.2 files with the help of alternative methods. Some of them you could find in the guide below.

Threat Summary

Name.BlockBax v3.2
TypeRansomware, Cryptovirus
Short DescriptionThe ransomware virus encrypts files on your PC and drops a ransom note that demands payment for the decryption of .BlockBax v3.2 files.
SymptomsThis ransomware encrypts important files and then renames them with the long extension ! ,–, Revert Access ,–, starbax@tutanota.com ,–,.BlockBax_v3.2. The access to encrypted files is restricted. A ransom payment is demanded.
Distribution MethodSpam Emails, Email Attachments, Executable Files
Detection Tool See If Your System Has Been Affected by .BlockBax v3.2


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .BlockBax v3.2.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.BlockBax v3.2 Files Virus – Distribution

Hackers behind .BlockBax v3.2 files virus may utilize several ways of its distribution. The threat is most likely to invade computer systems via email messages with malicious components. Such emails are usually trying to trick you into activating the ransomware payload on your system. For the purpose the message urges you to click a provided web link or download an attached file.

Visiting a compromised web page may result in an unnoticed execution of .BlockBax v3.2 files virus directly on your PC. This way of distribution allows hackers to inject the ransomware payload into various web pages and then set them to download it each time a user land on them. Links to compromised web pages that deliver the new version of RotorCrypt ransomware may be spread on various social media channels and instant messaging services.

.BlockBax v3.2 Files Virus – Infection Flow

According to analyses conducted by security researchers, there is a new strain of RotorCrypt ransomware that has been released in attack campaigns against PC users worldwide. It is mainly associated with the long extension ! ,–, Revert Access ,–, starbax@tutanota.com ,–,.BlockBax_v3.2 that appears at the end of each corrupted file.

However, being a ransomware infection, RotorCrypt needs to plague the system at first. After it establishes its malicious files and objects on the infected system, RotorCrypt can perform a scan to locate all target files and encrypt them.

If your computer has been infected by the new RotorCrypt version, it is likely that the ransomware modified the values under some essential registry sub-keys like Run and RunOnce. As these keys control the programs that execute automatically at each Windows system load, RotorCrypt virus may add a value that will enable its malicious payload to start anytime you decide to use the infected PC. What’s more the ransomware virus may remain invisible on the system and bypass the installed anti-virus software by using advanced obfuscation techniques.

At the end of the attack, the so-called .BlockBax v3.2 files virus could drop a ransom note on the infected host. The message may appear automatically on the PC screen and is likely to blackmail you into transferring a ransom to hackers’ digital wallet. Don’t let hackers trick you into paying the ransom. There is no guarantee that they have a working solution for your encrypted files.

The good news is that previous RotorCrypt versions are decrypted successfully by malware researchers from Kaspersky. With their decryption tool Rakhni you could restore some .BlockBax v3.2 files. Find a download link in the guide below.

.BlockBax v3.2 Files Virus– Data Encryption

The main goal of .BlockBax v3.2 files virus is to locate all target types of files stored on the infected host in order to encrypt them with the help of strong cipher algorithm. At this point, a full list of extensions targeted by the last RotorCrypt strain lacks. Based on our previous research on RotorCrypt ransomware all files that have one of the following extensions may be encrypted:

→.csv, .doc, .ppt, .xls, .avi, .bak, .bmp, .dbf, .djvu, .docx, .exe, .flv, .gif, .jpeg, .jpg, .mdb, .sql, .mdf, .odt, .pdf, .png, .pps, .pptm, .pptx, .psd, .rar, .raw, .tif, .txt, .vob, .xlsb, .xlsx, .zip

All of the encrypted files receive the extension ! ,–, Revert Access ,–, starbax@tutanota.com ,–,.BlockBax_v3.2 appended after their original names. As you can see the extension presents a contact email address used by hackers. Be advised to avoid any contacts with them as they may trick you into sending broken solution after payment. In addition, they may try to deliver yet another malware infection on your PC by using the functionalities of the existing threat.

Continue reading to check in what ways you could try to restore some of your data.

.BlockBax v3.2 Files Virus – Remove It and Restore Files

The step-by-step removal guide below provides both manual and automatic approaches. Beware that the removal of .BlockBax v3.2 crypto virus is not an easy task. It is a severe threat that plagues the whole system. Security researchers recommend the help of advanced anti-malware tool for maximum efficiency.

After you fulfill the removal process make sure to check the “Restore Files” step available in our guide below. But before that be advised to back up all encrypted files to an external drive and prevent their irreversible loss.

Gergana Ivanova

Gergana Ivanova

Gergana has completed a bachelor degree in Marketing from the University of National and World Economy. She has been with the STF team for three years, researching malware and reporting on the latest infections.

More Posts

Follow Me:
Google Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share